CN108173839B - Rights management method and system - Google Patents

Publication number: CN108173839B
Authority: CN (China)
Prior art keywords: authority, resource, configuration, application, terminal
Legal status: Active
Application number: CN201711431178.1A
Other languages: Chinese (zh)
Other versions: CN108173839A (en)
Inventor: 李钢
Current Assignee: Beijing Qihoo Technology Co Ltd
Original Assignee: Beijing Qihoo Technology Co Ltd
Application filed by Beijing Qihoo Technology Co Ltd
Priority to CN201711431178.1A
Publication of CN108173839A
Application granted
Publication of CN108173839B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method and a system for managing authority. The method comprises the following steps: storing the authority configuration information corresponding to each application server in an authority management database; when receiving an authority management request from an application server, acquiring the authority keyword contained in the authority management request; determining an authority inquiry result corresponding to the authority keyword according to the authority configuration information stored in the authority management database; and returning a response message corresponding to the authority management request to the application server according to the authority inquiry result. With this scheme, the authority information of a plurality of application systems can be managed and inquired in a unified manner, so each application system no longer needs to maintain authority management information itself, which saves overhead in each application system, improves the service operation efficiency of the application systems, and makes authority management operations more convenient.

Description

Authority management method and system
Technical Field
The invention relates to the technical field of computers, in particular to a method and a system for managing authority.
Background
At present, with the popularization of computer technology, various application systems emerge endlessly, and bring convenience to users. For example, some application systems can provide users with inquiry and use functions of various test questions, some application systems can provide users with convenient shopping functions, and other application systems can provide users with reading functions.
Generally, each application system has corresponding authorized operation users, and different authorized operation users may have different operation rights. Taking the test question application system as an example, its authorized operation users comprise operation and maintenance users and consumption users. The operation and maintenance user is responsible for carrying out various setting operations on the test question application system, and the consumption user can browse the purchased test question content. Therefore, the operation authority of the operation and maintenance user is different from that of the consumption user. Also, among consumption users, the test question content that user A and user B can view is different. In order to set corresponding operation permissions for different users, a permission configuration operation needs to be performed inside the test question application system to realize a permission management function. Therefore, in the prior art, in order to implement the authority management operation, each application system needs to implement the authority configuration and management function inside the system.
However, the inventor finds that the above mode in the prior art has at least the following defects in the process of implementing the invention: each application system is responsible for maintaining the service data related to the service operation, and must additionally maintain the data related to the authority management, thereby greatly increasing the load of the application system and bringing unnecessary influence to the normal service operation of the application system.
Disclosure of Invention
In view of the above, the present invention has been made to provide a rights management method and system that overcomes or at least partially solves the above problems.
According to an aspect of the present invention, there is provided a rights management method, including:
storing the authority configuration information corresponding to each application server in an authority management database;
when receiving a permission management request from an application server, acquiring a permission keyword contained in the permission management request;
determining an authority inquiry result corresponding to the authority keyword according to the authority configuration information stored in the authority management database;
and returning a response message corresponding to the authority management request to the application server according to the authority inquiry result.
According to another aspect of the present invention, there is provided a rights management system comprising:
the storage module is suitable for storing the authority configuration information corresponding to each application server into an authority management database;
the acquisition module is suitable for acquiring the authority key words contained in the authority management request when the authority management request from the application server is received;
the inquiry module is suitable for determining an authority inquiry result corresponding to the authority keyword according to the authority configuration information stored in the authority management database;
and the response module is suitable for returning a response message corresponding to the authority management request to the application server according to the authority inquiry result.
According to still another aspect of the present invention, there is provided an electronic apparatus including a processor, a memory, a communication interface and a communication bus, where the processor, the memory and the communication interface communicate with one another through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction enables the processor to execute the operation corresponding to the authority management method.
According to still another aspect of the present invention, there is provided a computer storage medium having at least one executable instruction stored therein, where the executable instruction causes a processor to perform operations corresponding to the above-mentioned rights management method.
According to the authority management method and the authority management system disclosed by the invention, the authority configuration information corresponding to each application server can be stored in the authority management database, and correspondingly, when an authority management request from the application server is received, an authority query result corresponding to the authority keyword is determined according to the authority keyword contained in the authority management request and the authority configuration information stored in the authority management database; and returning a response message corresponding to the authority management request to the application server according to the authority inquiry result. Therefore, the method in the embodiment can uniformly manage and query the authority information of the plurality of application systems, and each application system does not need to maintain the authority management information by itself, so that the overhead of each application system is saved, the service operation efficiency of the application system is improved, and convenience is provided for the authority management operation.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a flow diagram illustrating a rights management method according to one embodiment of the invention;
FIG. 2 is a flow diagram illustrating a rights management method according to another embodiment of the invention;
FIG. 3 is a system diagram of a rights management system according to another embodiment of the invention;
FIG. 4 shows a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Fig. 1 is a flowchart illustrating a rights management method according to an embodiment of the present invention. As shown in fig. 1, the method includes:
Step S110: storing the authority configuration information corresponding to each application server in an authority management database.
The application server is a server that provides service support for the corresponding application. For example, taking the test question application as an example, the test question application server provides service support for the test question application, and there may be one or more test question application servers. This step and the subsequent steps may be executed by an authority management system dedicated to managing the authority of various applications, which stores the authority configuration information corresponding to each application server in the authority management database.
The authority configuration information corresponding to each application server is the authority configuration information associated with the corresponding application. Specifically, the authority configuration information may include various types, for example, application authority configuration information, resource authority configuration information, terminal authority configuration information, operation authority configuration information, and the like. The application authority configuration information is used for configuring the authority of the application. The resource authority configuration information is used for configuring the authority corresponding to each resource contained in the application, and includes a user identifier of a user capable of operating the resource and/or an operation type capable of being executed for the resource. The terminal authority configuration information is used for configuring the authority corresponding to each user terminal, and includes the resource identifier of a resource that the user terminal can operate and/or the operation type that it can execute. The operation authority configuration information is used for configuring authorities related to various operations, including the resources and/or user terminals to which a certain operation type applies.
Besides, the authority configuration information may also include various forms of information as long as the information is related to the authority configuration operation, and the specific meaning of the authority configuration information is not limited in the present invention.
Step S120: when receiving a rights management request from an application server, a rights keyword included in the rights management request is acquired.
The rights management request may be triggered and sent by the application server itself. For example, when an operation and maintenance person corresponding to the application server needs to query how the permissions of the application are configured, the rights management request can be sent directly through the application server. Alternatively, the rights management request sent by the application server may be triggered by an operation request received from a user terminal. For example, when the first user terminal sends an operation request of a query type for the first resource included in the application, the application server generates a corresponding rights management request according to the operation request.
The authority management request comprises an authority key word which is used for determining corresponding authority information. The specific content and number of the authority keywords can be set according to actual conditions. For example, in the first case, the operation and maintenance personnel may set the authority keyword according to the specific content of the authority configuration situation to be queried. For another example, in the second case, the permission keyword is determined according to the operation request sent by the user terminal, and specifically, the permission keyword may include: the query type operation information, the resource identification information of the first resource, the application identification corresponding to the application, and/or the terminal information of the first user terminal, etc.
Step S130: determining the authority inquiry result corresponding to the authority keyword according to the authority configuration information stored in the authority management database.
Since the permission configuration information and the permission keyword are provided by the application server, an association relationship exists between the permission configuration information and the permission keyword, and the permission query result corresponding to the permission keyword can be determined through the permission configuration information.
For example, in the first case described above, assume that the rights keyword includes the resource identification information of the first resource. From this keyword it can be determined that the application server intends to confirm the following: the user terminals capable of operating the first resource and/or the types of operation that can be performed on the first resource. Correspondingly, the pre-stored authority configuration information holds the information of each user terminal capable of operating the first resource and the operation types corresponding to the first resource. Therefore, the query can determine the list of user terminals capable of operating the first resource and/or the operation types (for example, query, modification, deletion, and the like) that can be performed on the first resource.
As another example, in the second case described above, assume that the rights keyword includes the query type operation information, the resource identification information of the first resource, and the terminal information of the first user terminal. From these keywords it can be determined that the application server wants to confirm whether the first user terminal has the authority to query the first resource. Accordingly, the pre-stored authority configuration information holds the information of each user terminal capable of operating the first resource and, further, the operations that each user terminal may perform on the first resource. Therefore, the query can determine whether the first user terminal has the authority to query the first resource.
Step S140: returning a response message corresponding to the authority management request to the application server according to the authority inquiry result.
Specifically, the specific content of the response message depends on the specific form of the rights management request and the type of query result. For example, in the first case described above, the terminal list of the user terminals capable of operating the first resource and/or the type of operation that can be performed with respect to the first resource is determined by a query. Accordingly, a terminal list of the user terminals capable of operating the first resource and/or a type of operation capable of being performed on the first resource may be included in the response message for viewing by the operation and maintenance personnel.
For another example, in the second case, it may be determined whether the first user terminal has the right to perform the query operation on the first resource through the query. Accordingly, the response message may include a parameter indicating whether the first user terminal has the authority to perform the query operation on the first resource, so that the application server determines whether the first user terminal has the authority according to a value of the parameter. For example, if the parameter value is 0, it indicates that the first user terminal has the authority to perform the query operation on the first resource, and if the parameter value is 1, it indicates that the first user terminal does not have the authority to perform the query operation on the first resource. Correspondingly, the application server responds to the operation request of the first user terminal according to the query result. For example, if the first user terminal has the right to perform the query operation on the first resource, the application server allows the first user terminal to perform the query operation on the first resource; otherwise, the application server refuses the first user terminal to perform query operation on the first resource.
Therefore, the method in the embodiment can uniformly manage and query the authority information of the plurality of application systems, and each application system does not need to maintain the authority management information by itself, so that the overhead of each application system is saved, the service operation efficiency of the application system is improved, and convenience is provided for the authority management operation.
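Steps S110 to S140 and both request cases can be illustrated with a short Python sketch. This is an added example, not code from the patent; the class, field and identifier names, the fail-closed handling of incomplete requests, and the scoping of every lookup by application identifier are assumptions.

```python
"""Illustrative sketch of steps S110-S140 (added example, not from the patent)."""

ALLOWED = 0  # the page's convention: parameter value 0 means "has the authority"
DENIED = 1   # parameter value 1 means "does not have the authority"


class PermissionStore:
    """Central authority management database shared by several application servers."""

    def __init__(self):
        # (app_id, resource_id) -> {terminal_id: set of operation types}
        self._grants = {}

    def store_config(self, app_id, resource_id, terminal_id, operations):
        """S110: store permission configuration supplied for one application."""
        by_terminal = self._grants.setdefault((app_id, resource_id), {})
        by_terminal.setdefault(terminal_id, set()).update(operations)

    def handle_request(self, request):
        """S120-S140: read the keywords, query the store, build the response."""
        # S120: extract the permission keywords carried by the request.
        app_id = request.get("app")
        resource_id = request.get("resource")
        terminal_id = request.get("terminal")
        operation = request.get("operation")

        # Assumption: application and resource keywords are mandatory, and a
        # request without them is refused rather than answered broadly.
        if not app_id or not resource_id:
            return {"result": DENIED, "reason": "missing keyword"}

        # S130: look up configuration for this application only, so one
        # application's grants never answer another application's query.
        by_terminal = self._grants.get((app_id, resource_id), {})

        # First case: only a resource keyword, so list who may do what.
        if terminal_id is None and operation is None:
            operations = set().union(*by_terminal.values())
            return {"terminals": sorted(by_terminal),
                    "operations": sorted(operations)}

        # Second case: a yes/no check needs both terminal and operation.
        if terminal_id is None or operation is None:
            return {"result": DENIED, "reason": "incomplete keyword set"}

        # S140: unknown terminals, resources and operations all fall through
        # to DENIED because nothing is granted by default.
        granted = operation in by_terminal.get(terminal_id, set())
        return {"result": ALLOWED if granted else DENIED}


def build_demo_store():
    """Constructed sample configuration for two hypothetical applications."""
    store = PermissionStore()
    store.store_config("exam-app", "paper-001", "terminal-A", {"query"})
    store.store_config("exam-app", "paper-001", "terminal-B", {"query", "modify"})
    store.store_config("shop-app", "paper-001", "terminal-C", {"query"})
    return store


if __name__ == "__main__":
    demo = build_demo_store()
    print(demo.handle_request({"app": "exam-app", "resource": "paper-001"}))
    print(demo.handle_request({"app": "exam-app", "resource": "paper-001",
                               "terminal": "terminal-A", "operation": "modify"}))
```

Because 0 is the "allowed" value, an application server consuming this response should compare against 0 explicitly and treat a missing or malformed parameter as a refusal.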
Fig. 2 is a flow chart of a rights management method according to another embodiment of the invention. The method is executed by a rights management system (also called a rights management platform), through which the rights of a plurality of applications can be managed. As shown in fig. 2, the method includes:
Step S200: receiving, in advance, the permission configuration information sent by each application server through a preset permission configuration entry.
The permission configuration entry may be an interface provided by the rights management system, and specifically includes at least one of the following: an application permission configuration entry, a resource permission configuration entry, an authorized terminal configuration entry and an authorized operation configuration entry.
Specifically, when the permission configuration entry is the application permission configuration entry, permission information related to the application can be configured through it. Accordingly, the permission configuration information sent through the application permission configuration entry includes: the application identifier of the application whose permissions are to be configured, and the application permission configuration information corresponding to that application identifier. For example, an operator may use the permission configuration entry provided by the permission management system of the present invention to add the related information of an application whose permissions are to be configured, specifically the application identifier of the application and the application permission configuration information corresponding to that identifier. For example, a newly developed application may add its related information through the permission configuration entry.
When the permission configuration entry is the resource permission configuration entry, the permission configuration information sent through it includes: the resource identifier of the resource whose permissions are to be configured, and the resource permission configuration information corresponding to that resource identifier. The resource permission configuration information includes authorized operation class information corresponding to the resource identifier and/or authorized terminal class information corresponding to the resource identifier. Specifically, one application contains multiple resources; each resource is distinguished by a resource identifier, and corresponding resource permission configuration information is configured for each resource. For example, assume that a website navigation application internally includes a navigation bar resource, a home page resource, a user comment resource, a ranking list resource, and the like. Each of these resources is added for the website navigation application through the resource permission configuration entry, and the resource permission configuration information of each resource is set separately. The authorized operation class information corresponding to the resource identifier is the set of legal operation types supported by the resource, such as the query operation and the modification operation. The authorized terminal class information corresponding to the resource identifier is the information of the legitimate terminals that can operate the resource.
Optionally, the resource permission configuration information of a resource specifically includes the authorized operation information that each authorized terminal holds for the resource identifier. For example, in practical applications, a resource supports the query operation and the modification operation, and both user A and user B can operate the resource, but the authorized operation information held by user A covers only the query operation, that is, user A can only query the resource and cannot modify it; the authorized operation information of user B covers both the query operation and the modification operation, that is, user B can both query and modify the resource. Therefore, in this embodiment the authorized operation information of each authorized terminal can additionally be stored, so that each terminal user can be managed better. As the above description shows, the resource permission configuration entry is an entry configured from the perspective of the resource type, and is used to configure, for each resource, the permissions related to that resource.
When the permission configuration entry includes the authorized terminal configuration entry, the permission configuration information sent through it includes: the terminal identifier of an authorized terminal and the terminal permission configuration information corresponding to that terminal identifier. The terminal permission configuration information includes authorized operation class information corresponding to the terminal identifier and/or authorized resource class information corresponding to the terminal identifier. The authorized operation class information corresponding to the terminal identifier is the set of legal operation types supported by the terminal, such as the query operation and the modification operation. The authorized resource class information corresponding to the terminal identifier is the information of the legal resources that the terminal can operate. Optionally, the terminal permission configuration information specifically includes which types of operation the terminal can perform on each resource it is able to operate. For example, in practical applications, one terminal user can operate both the first resource and the second resource, but can only perform the query operation on the first resource while being able to perform both the query operation and the modification operation on the second resource; it is therefore necessary to additionally store, for each resource that the terminal user can operate, the operation types the user can perform on it. As the above description shows, the authorized terminal configuration entry is an entry configured from the perspective of the user terminal. For example, the roles of various types of user terminals (including general administrator, advanced administrator, general user, advanced user, and the like) may be configured.
When the permission configuration entry includes the authorized operation configuration entry, the permission configuration information sent through it includes: the operation identifier of an authorized operation and the operation permission configuration information corresponding to that operation identifier. The operation permission configuration information includes authorized resource class information corresponding to the operation identifier and/or authorized terminal class information corresponding to the operation identifier. The authorized terminal class information corresponding to the operation identifier is the information of the terminals that can perform the operation. The authorized resource class information corresponding to the operation identifier is the information of the legal resources to which the operation applies. Optionally, the operation permission configuration information specifically includes the resources on which each terminal capable of performing the operation may perform it. It can be seen that the authorized operation configuration entry is an entry configured from the viewpoint of the operation type; for example, configuration may be performed separately for each operation type. The operation types specifically include query, modification, login, logout, statistics and other types of operation. For example, for the query operation, the resources that support it may be configured, including navigation bar resources, user comment resources, and the like; a list of the terminal users who can use the operation is likewise configured for the query operation.
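The resource, terminal and operation entries described above each submit the same kind of fact from a different angle. The following Python sketch, an added example that is not part of the patent, normalizes all three into one set of (terminal, resource, operation) grants and shows why the optional per-terminal operation information matters; the data shapes, function names and sample identifiers are assumptions.

```python
"""Three configuration entries, one grant relation (added example, not from the patent)."""
from collections import defaultdict

# Constructed sample input, shaped as an operator might submit it per entry.
RESOURCE_ENTRY = {   # resource-centric: terminal -> operations, per resource
    "ranking-list": {"user-A": {"query"}, "user-B": {"query", "modify"}},
}
TERMINAL_ENTRY = {   # terminal-centric: resource -> operations, per terminal
    "user-A": {"user-comments": {"query"}},
}
OPERATION_ENTRY = {  # operation-centric: resource -> terminals, per operation
    "query": {"navigation-bar": {"user-A", "user-B"}},
}


def normalize(resource_entry, terminal_entry, operation_entry):
    """Flatten all three entry shapes into (terminal, resource, operation) triples."""
    grants = set()
    for resource, by_terminal in resource_entry.items():
        for terminal, ops in by_terminal.items():
            grants.update((terminal, resource, op) for op in ops)
    for terminal, by_resource in terminal_entry.items():
        for resource, ops in by_resource.items():
            grants.update((terminal, resource, op) for op in ops)
    for op, by_resource in operation_entry.items():
        for resource, terminals in by_resource.items():
            grants.update((terminal, resource, op) for terminal in terminals)
    return grants


def resource_view(grants, resource):
    """Project the relation back to the resource entry: terminal -> operations."""
    view = defaultdict(set)
    for terminal, res, op in grants:
        if res == resource:
            view[terminal].add(op)
    return dict(view)


def terminal_view(grants, terminal):
    """Project the relation to the terminal entry: resource -> operations."""
    view = defaultdict(set)
    for term, resource, op in grants:
        if term == terminal:
            view[resource].add(op)
    return dict(view)


def operation_view(grants, operation):
    """Project the relation to the operation entry: resource -> terminals."""
    view = defaultdict(set)
    for terminal, resource, op in grants:
        if op == operation:
            view[resource].add(terminal)
    return dict(view)


def coarse_over_grants(grants, resource):
    """(terminal, operation) pairs that a coarse configuration would allow.

    A coarse configuration keeps only the list of authorized terminals and the
    list of supported operations for the resource, so every listed terminal
    would get every listed operation. The result is what that adds on top of
    the per-terminal grants.
    """
    view = resource_view(grants, resource)
    supported = set().union(*view.values())
    return sorted((t, op) for t, ops in view.items() for op in supported - ops)


if __name__ == "__main__":
    all_grants = normalize(RESOURCE_ENTRY, TERMINAL_ENTRY, OPERATION_ENTRY)
    print(terminal_view(all_grants, "user-A"))
    print(coarse_over_grants(all_grants, "ranking-list"))
```

With the sample data, the coarse form would let user A modify the ranking list, which is the case the page's user A and user B example is meant to rule out.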
Step S210: storing the authority configuration information corresponding to each application server in an authority management database.
The application server is a server that provides service support for the corresponding application. For example, taking the test question application as an example, the test question application server provides service support for the test question application, and there may be one or more test question application servers.
The authority configuration information corresponding to each application server is the authority configuration information associated with the corresponding application. Specifically, the authority configuration information may include various types; for example, it may include the various types of authority configuration information input through the respective authority configuration entries described above, specifically application authority configuration information, resource authority configuration information, terminal authority configuration information, operation authority configuration information, and the like. Besides, the authority configuration information may also include various forms of information as long as the information is related to the authority configuration operation, and the specific meaning of the authority configuration information is not limited in the present invention.
Step S220: when receiving a rights management request from an application server, a rights keyword included in the rights management request is acquired.
The right management request sent by the application server may be triggered and sent by the application server itself. For example, when an operation and maintenance person corresponding to the application server needs to query the permission configuration condition of the application, the permission management request can be directly sent through the application server. Alternatively, the rights management request sent by the application server may be triggered according to a received operation request sent by the user terminal. For example, when the first user terminal sends an operation request of a query type for the first resource included in the application, the application server generates a corresponding rights management request according to the operation request.
In the present embodiment, the latter implementation is mainly described as an example. Correspondingly, the authority management system receives an authority management request which is generated by the application server according to the operation request sent by the user terminal and corresponds to that operation request, and acquires the authority keyword contained in the authority management request. The operation request sent by the user terminal comprises at least one of the following information: application class information, resource class information, terminal class information, and operation class information. Accordingly, the authority keyword in the authority management request is determined according to the operation request, and may include at least one of the following: application keywords, resource keywords, terminal keywords, and operation keywords. The specific content and number of the authority keywords can be set according to actual conditions. For example, in this embodiment, the corresponding authority keyword is determined according to the operation request sent by the user terminal, and may specifically include: an operation keyword (specifically, query operation information), a resource keyword (specifically, resource identification information of the first resource), an application keyword (specifically, an application identification corresponding to the application), and/or a terminal keyword (specifically, terminal information of the first user terminal), and the like.
Step S230: determine the authority query result corresponding to the authority keyword according to the authority configuration information stored in the authority management database.
Since the permission configuration information and the permission keyword are provided by the application server, an association relationship exists between the permission configuration information and the permission keyword, and the permission query result corresponding to the permission keyword can be determined through the permission configuration information.
For example, in the present embodiment, the authority keyword includes the query type operation information, the resource identification information of the first resource, and the terminal information of the first user terminal. From these keywords, it can be determined that the application server wants to confirm whether the first user terminal has the authority to query the first resource. Accordingly, the pre-stored authority configuration information records each user terminal capable of operating the first resource and, further, in what operation manner each user terminal can operate the first resource. Therefore, whether the first user terminal has the authority to query the first resource can be determined by querying.
Step S240: return a response message corresponding to the authority management request to the application server according to the authority query result.
Specifically, the content of the response message depends on the specific form of the rights management request and the type of query result. For example, in this embodiment, whether the first user terminal has the authority to perform the query operation on the first resource may be determined through the query. Accordingly, the response message may include a parameter indicating whether the first user terminal has the authority to perform the query operation on the first resource, so that the application server determines whether the first user terminal has the authority according to the value of the parameter. For example, if the parameter value is 0, it indicates that the first user terminal has the authority to perform the query operation on the first resource, and if the parameter value is 1, it indicates that the first user terminal does not have the authority to perform the query operation on the first resource. Correspondingly, the application server responds to the operation request of the user terminal according to the query result contained in the response message. For example, if the first user terminal has the right to perform the query operation on the first resource, the application server allows the first user terminal to perform the query operation on the first resource; otherwise, the application server denies the first user terminal's query operation on the first resource.
Therefore, the method in the embodiment can uniformly manage and query the authority information of the plurality of application systems, and each application system does not need to maintain the authority management information by itself, so that the overhead of each application system is saved, the service operation efficiency of the application system is improved, and convenience is provided for the authority management operation. Each application system only needs to store data related to the service, and does not need to store and manage data related to the authority. When the application system needs to acquire specific authority information, the application system can be accessed to the authority management system in the invention, or communication between the application system and the authority management system in the invention is realized by sending an API request or other forms of messages, so that the corresponding authority information is acquired by the authority management system in the invention, and the authority management function is realized. In addition, since the authority management function relates to management of multiple granularities, for example, management can be performed by taking resources as granularity, management can be performed by taking operations as granularity, management can be performed by taking users as granularity, and management can be performed by taking applications as granularity.
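The flow of steps S210 to S240 as a minimal in-memory service, added here as an illustration and not taken from the patent. The class and function names, the `caller_app` identity check, the deny-on-incomplete-keywords rule and the sample identifiers are assumptions; only the four keyword types and the 0/1 response values come from the text.

```python
from dataclasses import dataclass
from typing import Optional

ALLOWED, DENIED = 0, 1  # response parameter values used in the embodiment


@dataclass(frozen=True)
class RightsRequest:
    """Rights keywords carried in a rights management request (step S220)."""
    application: Optional[str] = None
    resource: Optional[str] = None
    terminal: Optional[str] = None
    operation: Optional[str] = None


class RightsManager:
    """In-memory stand-in for the rights management system and its database."""

    def __init__(self):
        # (application id, resource id) -> {terminal id: frozenset of operations}
        self._db = {}

    def configure_resource(self, caller_app, application, resource, terminal_ops):
        """Resource permission configuration entry (step S210)."""
        # Assumption: caller_app is the already-authenticated identity of the
        # application server; it may only configure its own application.
        if caller_app != application:
            raise PermissionError("cannot configure another application's rights")
        grants = self._db.setdefault((application, resource), {})
        for terminal, operations in terminal_ops.items():
            grants[terminal] = frozenset(operations)

    def query(self, caller_app, request):
        """Steps S230 and S240: look up the keywords and build the response."""
        keywords = (request.application, request.resource,
                    request.terminal, request.operation)
        # Assumption: an authorization decision needs all four keywords;
        # anything less is answered with DENIED rather than a partial match.
        if not all(keywords):
            return {"result": DENIED, "reason": "incomplete keywords"}
        if caller_app != request.application:
            return {"result": DENIED, "reason": "cross-application query"}
        grants = self._db.get((request.application, request.resource), {})
        if request.operation in grants.get(request.terminal, frozenset()):
            return {"result": ALLOWED, "reason": "matching grant"}
        return {"result": DENIED, "reason": "no matching grant"}


def handle_operation(manager, app_id, op_request):
    """Application server side: map a user terminal's operation request to a
    rights management request and enforce the returned parameter."""
    request = RightsRequest(
        application=app_id,
        resource=op_request.get("resource"),
        terminal=op_request.get("terminal"),
        operation=op_request.get("operation"),
    )
    try:
        response = manager.query(app_id, request)
    except Exception:
        return "rejected"  # rights service unavailable: fail closed
    # 0 means "allowed" here, so a truthiness test (`if response["result"]:`)
    # would invert the decision; compare against the constant explicitly.
    return "served" if response.get("result") == ALLOWED else "rejected"


def build_demo():
    """Constructed sample configuration for a test question application."""
    manager = RightsManager()
    manager.configure_resource(
        "exam-app", "exam-app", "question-bank-1",
        {"terminal-A": {"query"}, "terminal-B": {"query", "modify"}},
    )
    return manager


if __name__ == "__main__":
    demo = build_demo()
    for terminal, operation in (("terminal-A", "query"), ("terminal-A", "modify"),
                                ("terminal-C", "query")):
        op = {"resource": "question-bank-1", "terminal": terminal,
              "operation": operation}
        print(terminal, operation, handle_operation(demo, "exam-app", op))
```
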
Fig. 3 is a system structure diagram of a rights management system according to another embodiment of the present invention, including:
a storage module 31 adapted to store the rights configuration information corresponding to each application server into a rights management database;
an obtaining module 32, adapted to, when receiving a rights management request from an application server, obtain a rights keyword included in the rights management request;
the query module 33 is adapted to determine a permission query result corresponding to the permission keyword according to the permission configuration information stored in the permission management database;
and the response module 34 is adapted to return a response message corresponding to the permission management request to the application server according to the permission query result.
Optionally, the system further comprises:
a receiving module, adapted to receive in advance the permission configuration information sent by each application server through a preset permission configuration entry;
wherein the permission configuration entry comprises at least one of: an application permission configuration entry, a resource permission configuration entry, an authorized terminal configuration entry, and an authorized operation configuration entry.
Optionally, when the permission configuration entry includes an application permission configuration entry, the permission configuration information sent through the application permission configuration entry includes: an application identifier of the application whose permissions are to be configured, and application permission configuration information corresponding to the application identifier;
when the permission configuration entry comprises a resource permission configuration entry, the permission configuration information sent through the resource permission configuration entry comprises: a resource identifier of the resource whose permissions are to be configured, and resource permission configuration information corresponding to the resource identifier; wherein the resource permission configuration information includes: authorized operation class information corresponding to the resource identifier and/or authorized terminal class information corresponding to the resource identifier;
when the permission configuration entry comprises an authorized terminal configuration entry, the permission configuration information sent through the authorized terminal configuration entry comprises: a terminal identifier of an authorized terminal, and terminal permission configuration information corresponding to the terminal identifier; wherein the terminal permission configuration information includes: authorized operation class information corresponding to the terminal identifier and/or authorized resource class information corresponding to the terminal identifier;
when the permission configuration entry comprises an authorized operation configuration entry, the permission configuration information sent through the authorized operation configuration entry comprises: an authorized operation identifier, and operation permission configuration information corresponding to the operation identifier; wherein the operation permission configuration information includes: authorized resource class information corresponding to the operation identifier and/or authorized terminal class information corresponding to the operation identifier.
Optionally, the rights keyword included in the rights management request includes at least one of: application keywords, resource keywords, terminal keywords, and operation keywords.
Optionally, the receiving module is specifically adapted to: receive a permission management request which is generated by an application server according to an operation request sent by a user terminal and corresponds to the operation request;
the response module is specifically adapted to: return a response message corresponding to the authority management request to the application server according to the authority query result, so that the application server responds to the operation request sent by the user terminal according to the response message.
Optionally, the operation request sent by the user terminal includes at least one of the following information: application class information, resource class information, terminal class information, and operation class information.
The specific structure and the working principle of each module may refer to the description of the corresponding step in the method embodiment, and are not described herein again.
The embodiment of the application provides a non-volatile computer storage medium, wherein at least one executable instruction is stored in the computer storage medium, and the computer executable instruction can execute the authority management method in any method embodiment.
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present invention, and the specific embodiment of the present invention does not limit the specific implementation of the electronic device.
As shown in Fig. 4, the electronic device may include: a processor 402, a communications interface 404, a memory 406, and a communications bus 408.
Wherein:
the processor 402, communication interface 404, and memory 406 communicate with each other via a communication bus 408.
The communication interface 404 is used for communicating with network elements of other devices, such as clients or other servers.
The processor 402 is configured to execute the program 410, and may specifically perform relevant steps in the above-described embodiments of the rights management method.
In particular, program 410 may include program code comprising computer operating instructions.
The processor 402 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention. The electronic device comprises one or more processors, which can be the same type of processor, such as one or more CPUs, or different types of processors, such as one or more CPUs and one or more ASICs.
The memory 406 is used for storing a program 410. The memory 406 may comprise high-speed RAM, and may also include non-volatile memory, such as at least one disk memory.
The program 410 may specifically be configured to cause the processor 402 to perform the following operations:
storing the authority configuration information corresponding to each application server in an authority management database;
when receiving a permission management request from an application server, acquiring a permission keyword contained in the permission management request;
determining an authority query result corresponding to the authority keyword according to authority configuration information stored in the authority management database;
and returning a response message corresponding to the authority management request to the application server according to the authority inquiry result.
In an alternative manner, the program 410 may be further specifically configured to cause the processor 402 to perform the following operations:
receiving in advance the permission configuration information sent by each application server through a preset permission configuration entry;
wherein the permission configuration entry comprises at least one of: an application permission configuration entry, a resource permission configuration entry, an authorized terminal configuration entry, and an authorized operation configuration entry.
When the permission configuration entry comprises an application permission configuration entry, the permission configuration information sent through the application permission configuration entry comprises: an application identifier of the application whose permissions are to be configured, and application permission configuration information corresponding to the application identifier;
when the permission configuration entry comprises a resource permission configuration entry, the permission configuration information sent through the resource permission configuration entry comprises: a resource identifier of the resource whose permissions are to be configured, and resource permission configuration information corresponding to the resource identifier; wherein the resource permission configuration information includes: authorized operation class information corresponding to the resource identifier and/or authorized terminal class information corresponding to the resource identifier;
when the permission configuration entry comprises an authorized terminal configuration entry, the permission configuration information sent through the authorized terminal configuration entry comprises: a terminal identifier of an authorized terminal, and terminal permission configuration information corresponding to the terminal identifier; wherein the terminal permission configuration information includes: authorized operation class information corresponding to the terminal identifier and/or authorized resource class information corresponding to the terminal identifier;
when the permission configuration entry comprises an authorized operation configuration entry, the permission configuration information sent through the authorized operation configuration entry comprises: an authorized operation identifier, and operation permission configuration information corresponding to the operation identifier; wherein the operation permission configuration information includes: authorized resource class information corresponding to the operation identifier and/or authorized terminal class information corresponding to the operation identifier.
Wherein the rights keyword contained in the rights management request includes at least one of: application keywords, resource keywords, terminal keywords, and operation keywords.
In an alternative manner, the program 410 may be further specifically configured to cause the processor 402 to perform the following operations:
receiving a permission management request which is generated by an application server according to an operation request sent by a user terminal and corresponds to the operation request; and the application server responds to the operation request sent by the user terminal according to the response message.
Wherein, the operation request sent by the user terminal includes at least one of the following information: application class information, resource class information, terminal class information, and operation class information.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components in a rights management system according to embodiments of the invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etcetera does not indicate any ordering. These words may be interpreted as names.

Claims (12)

1. A method of rights management, comprising:
storing the authority configuration information corresponding to each application server in an authority management database;
when receiving a permission management request from an application server, acquiring a permission keyword contained in the permission management request;
determining an authority query result corresponding to the authority keyword according to authority configuration information stored in the authority management database;
returning a response message corresponding to the authority management request to the application server according to the authority inquiry result;
the authority management request comprises an authority keyword, wherein the authority keyword is used for determining corresponding authority information;
when an operation and maintenance person corresponding to the application server needs to inquire the authority configuration condition of the application, the operation and maintenance person sets an authority keyword according to the specific content of the authority configuration condition to be inquired, and sends an authority management request through the application server;
before the step of storing the authority configuration information corresponding to each application server in the authority management database, the method further includes:
receiving in advance the permission configuration information sent by each application server through a preset permission configuration entry;
wherein the permission configuration entry comprises at least one of: an application permission configuration entry, a resource permission configuration entry, an authorized terminal configuration entry, and an authorized operation configuration entry.
2. The method of claim 1, wherein when the permission configuration entry comprises an application permission configuration entry, the permission configuration information transmitted through the application permission configuration entry comprises: an application identifier of the application whose permissions are to be configured, and application permission configuration information corresponding to the application identifier;
when the permission configuration entry comprises a resource permission configuration entry, the permission configuration information sent through the resource permission configuration entry comprises: a resource identifier of the resource whose permissions are to be configured, and resource permission configuration information corresponding to the resource identifier; wherein the resource permission configuration information includes: authorized operation class information corresponding to the resource identifier and/or authorized terminal class information corresponding to the resource identifier;
when the permission configuration entry comprises an authorized terminal configuration entry, the permission configuration information sent through the authorized terminal configuration entry comprises: a terminal identifier of an authorized terminal, and terminal permission configuration information corresponding to the terminal identifier; wherein the terminal permission configuration information includes: authorized operation class information corresponding to the terminal identifier and/or authorized resource class information corresponding to the terminal identifier;
when the permission configuration entry comprises an authorized operation configuration entry, the permission configuration information sent through the authorized operation configuration entry comprises: an authorized operation identifier, and operation permission configuration information corresponding to the operation identifier; wherein the operation permission configuration information includes: authorized resource class information corresponding to the operation identifier and/or authorized terminal class information corresponding to the operation identifier.
3. The method of claim 1 or 2, wherein the rights key contained in the rights management request comprises at least one of: application keywords, resource keywords, terminal keywords, and operation keywords.
4. A method according to any one of claims 1-3, wherein said step of receiving a rights management request from an application server specifically comprises: receiving a permission management request which is generated by an application server according to an operation request sent by a user terminal and corresponds to the operation request;
the step of returning a response message corresponding to the rights management request to the application server according to the rights inquiry result further comprises the steps of:
and the application server responds to the operation request sent by the user terminal according to the response message.
5. The method of claim 4, wherein the operation request sent by the user terminal includes at least one of the following information: application class information, resource class information, terminal class information, and operation class information.
6. A rights management system comprising:
the storage module is suitable for storing the authority configuration information corresponding to each application server into an authority management database;
the acquisition module is suitable for acquiring an authority keyword contained in an authority management request when the authority management request from an application server is received;
the inquiry module is suitable for determining an authority inquiry result corresponding to the authority keyword according to the authority configuration information stored in the authority management database;
the response module is suitable for returning a response message corresponding to the authority management request to the application server according to the authority inquiry result;
the authority management request comprises an authority keyword, wherein the authority keyword is used for determining corresponding authority information;
when an operation and maintenance person corresponding to the application server needs to inquire the authority configuration condition of the application, the operation and maintenance person sets an authority keyword according to the specific content of the authority configuration condition to be inquired, and sends an authority management request through the application server;
the system further comprises:
a receiving module, adapted to receive in advance the permission configuration information sent by each application server through a preset permission configuration entry;
wherein the permission configuration entry comprises at least one of: an application permission configuration entry, a resource permission configuration entry, an authorized terminal configuration entry, and an authorized operation configuration entry.
7. The system of claim 6, wherein when the permission configuration entry comprises an application permission configuration entry, the permission configuration information transmitted through the application permission configuration entry comprises: an application identifier of the application whose permissions are to be configured, and application permission configuration information corresponding to the application identifier;
when the permission configuration entry comprises a resource permission configuration entry, the permission configuration information sent through the resource permission configuration entry comprises: a resource identifier of the resource whose permissions are to be configured, and resource permission configuration information corresponding to the resource identifier; wherein the resource permission configuration information includes: authorized operation class information corresponding to the resource identifier and/or authorized terminal class information corresponding to the resource identifier;
when the permission configuration entry comprises an authorized terminal configuration entry, the permission configuration information sent through the authorized terminal configuration entry comprises: a terminal identifier of an authorized terminal, and terminal permission configuration information corresponding to the terminal identifier; wherein the terminal permission configuration information includes: authorized operation class information corresponding to the terminal identifier and/or authorized resource class information corresponding to the terminal identifier;
when the permission configuration entry comprises an authorized operation configuration entry, the permission configuration information sent through the authorized operation configuration entry comprises: an authorized operation identifier, and operation permission configuration information corresponding to the operation identifier; wherein the operation permission configuration information includes: authorized resource class information corresponding to the operation identifier and/or authorized terminal class information corresponding to the operation identifier.
8. The system of claim 6 or 7, wherein the rights key included in the rights management request comprises at least one of: application keywords, resource keywords, terminal keywords, and operation keywords.
9. The system according to any of claims 6-8, wherein the receiving module is specifically adapted to: receive a permission management request which is generated by an application server according to an operation request sent by a user terminal and corresponds to the operation request;
the response module is specifically adapted to: return a response message corresponding to the authority management request to the application server according to the authority query result, so that the application server responds to the operation request sent by the user terminal according to the response message.
10. The system of claim 9, wherein the operation request sent by the user terminal includes at least one of the following information: application class information, resource class information, terminal class information, and operation class information.
11. An electronic device, comprising: a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with one another through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction causes the processor to execute the operation corresponding to the authority management method according to any one of claims 1-5.
12. A computer storage medium having stored therein at least one executable instruction for causing a processor to perform operations corresponding to the rights management method of any of claims 1-5.
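The configuration and query flow of claims 7 to 9, as an added sketch that is not part of the patent text. The class and function names, the deny-by-default rule, the fail-closed handling of omitted keywords and the sample identifiers are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Entry:
    # None = this entry does not constrain that dimension (the "and/or" in claim 7).
    operations: Optional[frozenset] = None
    resources: Optional[frozenset] = None
    terminals: Optional[frozenset] = None

    def permits(self, req: dict) -> bool:
        checks = (("operation", self.operations), ("resource", self.resources),
                  ("terminal", self.terminals))
        # Fail closed: a constrained dimension that the request omits is a denial.
        return all(allowed is None or req.get(dim) in allowed for dim, allowed in checks)

@dataclass
class RightsServer:
    by_terminal: dict = field(default_factory=dict)   # terminal identifier -> Entry
    by_operation: dict = field(default_factory=dict)  # operation identifier -> Entry

    def query(self, req: dict) -> dict:
        found = [e for e in (self.by_terminal.get(req.get("terminal")),
                             self.by_operation.get(req.get("operation"))) if e is not None]
        # Assumption: deny by default; every matching entry must permit the request.
        return {"allowed": bool(found) and all(e.permits(req) for e in found)}

def app_server_handle(server: RightsServer, operation_request: dict) -> str:
    # Claim 9: the application server derives the rights management request from
    # the user's operation request and answers the user from the response message.
    # The application keyword is forwarded but not evaluated in this sketch.
    keys = ("application", "resource", "terminal", "operation")
    rights_request = {k: operation_request[k] for k in keys if k in operation_request}
    return "allow" if server.query(rights_request)["allowed"] else "deny"

def build_demo_server() -> RightsServer:
    # Constructed sample configuration, as the two configuration entries would submit it.
    server = RightsServer()
    server.by_terminal["term-01"] = Entry(operations=frozenset({"read", "download"}),
                                          resources=frozenset({"report"}))
    server.by_operation["delete"] = Entry(resources=frozenset({"draft"}),
                                          terminals=frozenset({"term-admin"}))
    return server

if __name__ == "__main__":
    demo = build_demo_server()
    print(app_server_handle(demo, {"terminal": "term-01", "operation": "read",
                                   "resource": "report"}))
```

A terminal with no configuration entry and an operation with none is refused, and a request that leaves out a keyword the matching entry constrains is refused rather than waved through.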
CN201711431178.1A 2017-12-26 2017-12-26 Rights management method and system Active CN108173839B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711431178.1A CN108173839B (en) 2017-12-26 2017-12-26 Rights management method and system

Publications (2)

Publication Number Publication Date
CN108173839A (en) 2018-06-15
CN108173839B (en) 2021-07-09

Family

ID=62521114

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711431178.1A Active CN108173839B (en) 2017-12-26 2017-12-26 Rights management method and system

Country Status (1)

Country Link
CN (1) CN108173839B (en)

Also Published As

Publication number Publication date
CN108173839A (en) 2018-06-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant