CN108416230B - Data access method based on data isolation model - Google Patents

Data access method based on data isolation model

Info

Publication number: CN108416230B
Authority: CN (China)
Prior art keywords: data, access, role, service, data access
Legal status: Active
Application number: CN201810246186.7A
Other languages: Chinese (zh)
Other versions: CN108416230A (en)
Inventors: 韩鹏, 李国勇, 王燕霞, 熊黎丽, 任杰, 李洪伟
Current Assignee: Chongqing Academy of Science and Technology
Original Assignee: Chongqing Academy of Science and Technology
Application filed by Chongqing Academy of Science and Technology
Priority to CN201810246186.7A
Publication of CN108416230A
Application granted
Publication of CN108416230B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security

Abstract

The invention provides a data access method based on a data isolation model. The method uses the data isolation model to distinguish and isolate the service database ranges of organizations at different hierarchy levels, builds an access role with the corresponding data access permissions for each data service, builds a sub-role with the corresponding data access permissions for each operation task, and derives the data access permissions of each sub-role from its affiliation with an access role. While meeting the differing data service management requirements of the organizations in a multi-level organization hierarchy, the method ensures both data isolation and secure authorization of access permissions between the service database ranges of the different organizations, so that a simplified access permission design is reconciled with the security requirements of access control, and the different operation tasks within a data service are executed with a better security guarantee.

Description

Data access method based on data isolation model
Technical Field
The invention relates to the technical field of big data information security management, in particular to a data access method based on a data isolation model.
Background
A new generation of information technology is now being deeply integrated with manufacturing, setting off a new industrial revolution. China's manufacturing industry takes intelligent manufacturing based on "Internet + manufacturing" as its main direction, raising the level of comprehensive integration and following a development path of ecological civilization. Internet-based information technology has developed rapidly and has greatly accelerated the informatization of manufacturing enterprises. Construction waste recycling aims to convert construction waste and other waste resources into renewable resources through targeted harmless treatment, and to process those resources further into various end products, creating a new circular-economy model. Recycling construction waste involves the whole industrial chain, supply chain and value chain of the construction sector; "Internet +" also raises the level of intelligence in resource regeneration and recycling, and offers an important opportunity and room for growth for construction waste recycling projects. With a centralized ERP system, quality is supervised from the generation, transportation, disposal and reclamation of construction waste through to the final recycled products, the whole industrial chain is managed digitally, and the volume of construction waste in a region is forecast, allocated and monitored in real time, so that the state of the industry can be judged accurately, resources allocated precisely and managed dynamically, and the overall competitiveness of the industrial chain improved.
As the construction waste recycling industry becomes more intelligent and Internet information technology develops, Web-based information management systems have become the mainstream of enterprise information management, information security has become a focus of attention, and user permission management is an important means of securing an information system. Access control is a defense against unauthorized use of system resources: by restricting what users may do in the system, it ensures that system resources are used in a controlled and legitimate manner, and it is a key technology for enterprise information security.
The Role-Based Access Control (RBAC) model is a security access control method currently applied in large business systems. It grants and revokes user permissions by assigning and revoking roles, and provides role assignment rules. The security administrator defines roles as required and sets appropriate access rights for them, and each user is assigned to roles according to responsibility and seniority. Because authorization under the RBAC model, and maintenance of that authorization, are convenient and efficient, RBAC has become an ideal choice of permission management model in open environments.
However, the existing RBAC model is not well suited to the data service management needs of group companies. A group company usually has a multi-level organization hierarchy in which the levels are not only related as superior and subordinate but must also be both independent of and connected to one another. The service database ranges of the different levels therefore nest and overlap, yet each requires its own independent, isolated access restrictions, which makes permission management in an ERP (Enterprise Resource Planning) system complex and dynamic. Access control in the existing RBAC model is static: the access permissions of each role over the service database range are set statically. If the existing RBAC model is applied directly to the ERP system of a group company, roles with statically controlled query permissions struggle to fit the access requirements of the service database ranges of organizations at different levels, so the access mechanism is rigid or the permission granularity is insufficient (that is, the minimum scope of query permission is not fine enough). Meeting the differing data service management requirements of the organizations at each level under the existing RBAC model requires a large number of roles whose data access permissions overlap. The workload of building these roles is heavy, the overlap easily leads to roles being assigned wrongly and data access permissions being allocated improperly, and effective control of data isolation and of secure permission authorization suffers.
The problem to be solved is therefore how to provide a data access permission control scheme that suits the data service management needs of group companies and ensures data isolation and secure authorization of access permissions between the service database ranges of organizations at different levels.
Disclosure of Invention
In view of the above shortcomings of the prior art, the object of the present invention is to provide a data access method based on a data isolation model that meets the differing data service management requirements of the organizations in a multi-level organization hierarchy while ensuring data isolation and secure authorization of access permissions between their service database ranges.
To achieve this object, the invention adopts the following technical solution:
A data access method based on a data isolation model, comprising the following steps:
according to the service database range defined for each hierarchical organization in the organization hierarchy of data service management, constructing a data isolation model that distinguishes and isolates the different service database ranges, so that the service database range of each hierarchical organization is distinguished and isolated by the data isolation model;
according to the restrictions that the different data services in data service management place on data access permissions in the service database, constructing for each data service an access role with the corresponding data access permissions; according to the restrictions that the different operation tasks within each data service place on data access permissions in the service database, constructing, for each access role that is entitled to execute a given operation task in its data service, a sub-role that belongs to that access role and has the data access permissions needed to execute the task; and constructing role permission labels for all access roles and their sub-roles;
when data is accessed, using the data isolation model to distinguish and restrict the accessed service database range according to the hierarchical organization to which the accessing user belongs, configuring the corresponding role permission labels for the accessing user according to the data service and/or operation task being accessed, and controlling the accessing user's data access permissions according to the access role and/or sub-role to which the configured role permission labels correspond.
In the above data access method based on the data isolation model, preferably, the organization hierarchy of data service management is a tree structure;
the root-node hierarchical organization of the organization hierarchy corresponds to the data access ranges of all data services and of all operation tasks; each of the other hierarchical organizations screens, from the data services of its parent-node hierarchical organization, the data access range of the data services it may access, and determines the data access range of each operation task within each of those data services, thereby determining the data access range of each data service for that hierarchical organization and the restrictions that each operation task within each data service places on the data access range.
In the above data access method based on the data isolation model, preferably, the data access permissions of each access role are those of the minimum data access range necessary for the access role to access the corresponding data service.
In the above data access method based on the data isolation model, preferably, each sub-role has all the data access permissions of the access role to which it belongs, and also has at least one data access permission that the access role to which it belongs does not have.
In the above data access method based on the data isolation model, preferably, during data access, after the accessed service database range has been distinguished and restricted, the accessing user is given the data access permissions of the access role corresponding to the accessed data service, according to that access role's role permission label, and data access is controlled accordingly; if and only if an operation task in the data service is to be executed and has been activated for execution, the role permission label of the corresponding sub-role is configured for that operation task, the accessing user is given the data access permissions of that sub-role, and data access is controlled accordingly; when the operation task is completed, the role permission label of the sub-role is withdrawn immediately, the accessing user's sub-role data access permissions are cancelled, and data access by the accessing user is again controlled by the data access permissions of the access role to which the sub-role belongs.
Compared with the prior art, the invention has the following beneficial effects:
1. The data access method based on the data isolation model of the invention uses the data isolation model to distinguish and isolate the service database ranges of organizations at different levels, builds an access role with the corresponding data access permissions for each data service, builds a sub-role with the corresponding data access permissions for each operation task, and derives the data access permissions of each sub-role from its affiliation with an access role. It thereby ensures data isolation between the service database ranges of the different hierarchical organizations and, without building large numbers of access roles with duplicated data access permissions or sub-roles with overlapping data access permissions, also ensures secure authorization of access permissions between those ranges, so that both a simplified access permission design and the security requirements of access control are met.
2. By flexibly allocating and controlling the data access permissions of access roles and sub-roles while operation tasks are executed within a data service, the method also prevents an accessing user's permissions from being expanded to commit fraud during system management configuration and operation task execution, and gives a better security guarantee to the execution of the different operation tasks within a data service.
Drawings
FIG. 1 is a schematic diagram of a data access method based on a data isolation model according to the present invention.
Detailed Description
To address the data service management needs of group companies, in which the organizations at different levels of a multi-level organization hierarchy have different requirements, the invention provides a data access method based on a data isolation model, comprising the following steps:
Step A: according to the service database range defined for each hierarchical organization in the organization hierarchy of data service management, construct a data isolation model that distinguishes and isolates the different service database ranges, so that the service database range of each hierarchical organization is distinguished and isolated by the data isolation model;
Step B: according to the restrictions that the different data services in data service management place on data access permissions in the service database, construct for each data service an access role with the corresponding data access permissions; according to the restrictions that the different operation tasks within each data service place on data access permissions in the service database, construct, for each access role that is entitled to execute a given operation task in its data service, a sub-role that belongs to that access role and has the data access permissions needed to execute the task; and construct role permission labels for all access roles and their sub-roles;
Step C: when data is accessed, use the data isolation model to distinguish and restrict the accessed service database range according to the hierarchical organization to which the accessing user belongs, configure the corresponding role permission labels for the accessing user according to the data service and/or operation task being accessed, and control the accessing user's data access permissions according to the access role and/or sub-role to which the configured role permission labels correspond.
In this method, because the data isolation model distinguishes and isolates the service database ranges of organizations at different levels, the accessed service database range must be distinguished and restricted according to the hierarchical organization to which the accessing user belongs; this ensures data isolation between the service database ranges of the different organizations. With data isolation in place, consider the data service management needs of a group company: organizations at different levels often run the same data service, but over different service database ranges, so the same data service touches different service database objects in each organization. It is therefore feasible to use the same access role for the same data service in every organization and still enforce independent data access control. Consequently, when access roles are built, the differences between the organizations' service database ranges need not be considered; only the restrictions that each data service places on data access permissions in the service database matter, and one access role with the corresponding data access permissions is built per data service. Even when access roles are being built for the service database ranges of different organizations, if an access role with the data access permissions of a given data service already exists, it need not be built again. This avoids building, for the data service management of the different organizations, a large number of distinct access roles with duplicated data access permissions.
Moreover, in this method, according to the restrictions that the different operation tasks within each data service place on data access permissions in the service database, a sub-role is built for each access role that is entitled to execute a given operation task in its data service; the sub-role belongs to that access role and has the data access permissions needed to execute the task. In a specific implementation, each sub-role may be designed to have all the data access permissions of the access role to which it belongs plus at least one data access permission that the access role does not have; the additional permissions should, of course, be the ones the sub-role needs in order to execute its operation task. This makes the distribution among sub-roles of the data access permissions for the different operation tasks of each data service easier to distinguish and analyze. Because sub-role permissions are derived from the affiliation between sub-role and access role, and large numbers of access roles with duplicated data access permissions are avoided, the problem of many overlapping data access permissions across the data service management of different organizations is avoided to a great extent.
Therefore, when data is accessed, the data isolation model first distinguishes and restricts the accessed service database range according to the hierarchical organization to which the accessing user belongs; the corresponding role permission labels are then configured for the accessing user according to the data service and/or operation task being accessed, and the accessing user's data access permissions are controlled according to the access role and/or sub-role to which those labels correspond. In this way the differing data service management requirements of the organizations in a multi-level organization hierarchy are met, data isolation between their service database ranges is ensured, and, without building large numbers of access roles with duplicated data access permissions or sub-roles with overlapping data access permissions, secure authorization of access permissions between those ranges is also ensured, so that both a simplified access permission design and the security requirements of access control are met.
In the data access method based on the data isolation model, the order of Step A and Step B is not fixed and the two may be exchanged; Step C depends on Step A and Step B and must be performed after them.
In a group company, the organizations at different levels of the organization hierarchy usually stand in a superior-subordinate relationship, so the organization hierarchy of data service management should be designed as a tree structure. The root-node hierarchical organization is usually the head office of the group company, so it should correspond to the data access ranges of all data services and of all operation tasks. Every other hierarchical organization is subordinate to its parent-node hierarchical organization, so it should be designed to screen, from the data services of its parent-node hierarchical organization, the data access range of the data services it may access, and to determine the data access range of each operation task within each of those data services, thereby determining the data access range of each data service for that hierarchical organization and the restrictions that each operation task within each data service places on the data access range. Distinguishing and isolating data access ranges in this way meets a group company's data isolation requirements for data service management.
In a specific implementation, where a task must be performed with a better security guarantee, for example when confidential information is processed, each access role can be designed to have only the data access permissions of the minimum data access range necessary for accessing the corresponding data service, with the remaining data access permissions that are needed provided through its sub-roles. In addition, to improve data security during task execution, data access can proceed as follows. After the accessed service database range has been distinguished and restricted, the accessing user is given the data access permissions of the access role corresponding to the accessed data service, according to that access role's role permission label, and data access is controlled accordingly. If and only if an operation task in the data service is to be executed and has been activated for execution, the role permission label of the corresponding sub-role is configured for that operation task, the accessing user is given the data access permissions of that sub-role, and data access is controlled accordingly. When the operation task is completed, the role permission label of the sub-role is withdrawn immediately, the accessing user's sub-role data access permissions are cancelled, and data access by the accessing user is again controlled by the data access permissions of the access role to which the sub-role belongs.
Thus, before the operation task is executed, an accessing user who is qualified to execute it still holds no actual data access permissions for it; the data access permissions of the sub-role are really granted only once the operation task has been activated. After the operation task is finished, the sub-role's data access permissions are withdrawn immediately, so the accessing user no longer has the data access permissions needed to execute the operation task and has only the data access permissions of the access role for the current data service, that is, those of the minimum data access range the data service requires. This prevents an accessing user's permissions from being expanded to commit fraud during system management configuration and operation task execution, and gives a better security guarantee to the execution of the different operation tasks within a data service.
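The following Python example is added here and is not part of the patent text; it models Steps A to C, with the sub-role's role permission label held only while the operation task runs. The class names, organization names, data services, dataset names and permission names are all constructed for illustration.

```python
from contextlib import contextmanager
from dataclasses import dataclass, field

@dataclass
class Org:
    """Node of the organization tree plus its service database range (Step A)."""
    name: str
    scope: dict                      # data service -> frozenset of dataset names
    parent: "Org | None" = None

    def __post_init__(self):
        # A non-root range is screened from the parent's range, so it may not
        # contain a data service or dataset that the parent does not have.
        if self.parent is None:
            return
        for service, datasets in self.scope.items():
            if not datasets <= self.parent.scope.get(service, frozenset()):
                raise ValueError(f"{self.name}: {service} range exceeds parent")

@dataclass(frozen=True)
class AccessRole:
    """Per-service role holding only the minimum permissions (Step B)."""
    label: str                       # role permission label
    service: str
    permissions: frozenset

@dataclass(frozen=True)
class SubRole:
    """Per-task role: everything its access role has, plus the task's extras."""
    label: str
    parent: AccessRole
    task: str
    extra: frozenset

    def __post_init__(self):
        # Must add at least one permission the access role does not have.
        if not self.extra - self.parent.permissions:
            raise ValueError(f"{self.label} adds nothing to {self.parent.label}")

    @property
    def service(self):
        return self.parent.service

    @property
    def permissions(self):
        return self.parent.permissions | self.extra

@dataclass
class Session:
    """Labels currently configured for one accessing user (Step C)."""
    user: str
    org: Org
    eligible_tasks: frozenset        # tasks the user is qualified to run
    labels: dict = field(default_factory=dict)   # label -> role

    def open_service(self, role: AccessRole):
        if role.service not in self.org.scope:
            raise PermissionError(f"{self.org.name} has no {role.service} range")
        self.labels[role.label] = role

    def allowed(self, service, dataset, permission):
        # Isolation comes first: the dataset must lie in the user's org range.
        if dataset not in self.org.scope.get(service, frozenset()):
            return False
        return any(r.service == service and permission in r.permissions
                   for r in self.labels.values())

    @contextmanager
    def run_task(self, sub: SubRole):
        # Eligibility alone grants nothing; the label exists only in this block.
        if sub.task not in self.eligible_tasks or sub.parent.label not in self.labels:
            raise PermissionError(f"{self.user} may not run {sub.task}")
        self.labels[sub.label] = sub
        try:
            yield self
        finally:
            self.labels.pop(sub.label, None)     # withdrawn even on failure

# Constructed sample data: a head office and one plant of a recycling group.
VIEW = AccessRole("weighbridge.view", "weighbridge", frozenset({"read"}))
CORRECT = SubRole("weighbridge.correct", VIEW, "correct_ticket", frozenset({"update"}))

def demo():
    hq = Org("hq", {"weighbridge": frozenset({"plant_a", "plant_b"}),
                    "sales": frozenset({"orders"})})
    plant_a = Org("plant_a", {"weighbridge": frozenset({"plant_a"})}, parent=hq)
    s = Session("clerk", plant_a, frozenset({"correct_ticket"}))
    s.open_service(VIEW)
    result = {
        "read_own": s.allowed("weighbridge", "plant_a", "read"),
        "read_sibling": s.allowed("weighbridge", "plant_b", "read"),
        "update_before": s.allowed("weighbridge", "plant_a", "update"),
    }
    with s.run_task(CORRECT):
        result["update_during"] = s.allowed("weighbridge", "plant_a", "update")
        result["update_sibling_during"] = s.allowed("weighbridge", "plant_b", "update")
    result["update_after"] = s.allowed("weighbridge", "plant_a", "update")
    return result
```

Calling `demo()` shows that the sub-role widens what the user may do but never where: the isolation check runs before any role is consulted, so the update permission stays confined to the plant's own range.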
In summary, the data access method based on the data isolation model of the present invention uses the data isolation model to distinguish and isolate the service database ranges of organizations at different levels, builds an access role with the corresponding data access permissions for each data service, builds a sub-role with the corresponding data access permissions for each operation task, and derives the data access permissions of each sub-role from its affiliation with an access role. While meeting the differing data service management requirements of the organizations in a multi-level organization hierarchy, it ensures data isolation between their service database ranges and, without building large numbers of access roles with duplicated data access permissions or sub-roles with overlapping data access permissions, also ensures secure authorization of access permissions between those ranges, so that a simplified access permission design is balanced with the security requirements of access control. By flexibly allocating and controlling the data access permissions of access roles and sub-roles while operation tasks are executed within a data service, the method also prevents an accessing user's permissions from being expanded to commit fraud during system management configuration and operation task execution, and gives a better security guarantee to the execution of the different operation tasks within a data service.
Finally, the above embodiments merely illustrate the technical solution of the present invention and do not limit it. Although the invention has been described in detail with reference to the embodiments, those skilled in the art will understand that modifications or equivalent substitutions may be made to the technical solution without departing from its spirit and scope, and all such modifications fall within the scope of the claims of the present invention.

Claims (4)

1. A data access method based on a data isolation model, characterized by comprising the following steps:
according to the limits on the service database range of each hierarchical organization in the organization hierarchy of data service management, constructing a data isolation model for distinguishing and isolating the different service database ranges, so that the service database range of each hierarchical organization is distinguished and isolated by the data isolation model;
according to the restrictions that the different data services in data service management place on data access permissions in the service database, constructing for each data service an access role with the corresponding data access permissions; according to the restrictions that the different operation tasks in the different data services place on data access permissions in the service database, constructing, for each access role that is permitted to execute a corresponding operation task in each data service, a sub-role that belongs to that access role and has the data access permissions for executing the corresponding operation task; and constructing role authority labels for all access roles and their sub-roles; wherein each sub-role has all data access permissions of the access role to which it belongs and also has at least one data access permission that the access role to which it belongs does not have;
when data is accessed, using the data isolation model to distinguish and limit the accessed service database range according to the hierarchical organization of the access user, configuring the corresponding role authority label for the access user according to the accessed data service and/or operation task, and then performing data access permission control on the access user according to the access role and/or sub-role corresponding to the configured role authority label.
2. The data access method based on the data isolation model of claim 1, wherein the organization hierarchy of the data service management is a tree structure;
the root-node hierarchical organization of the organization hierarchy corresponds to the data access ranges of all data services and the data access ranges of all operation tasks; for each of the remaining hierarchical organizations, the data access range of the data services that the hierarchical organization can access is screened from the data services corresponding to its parent-node hierarchical organization, and the data access ranges corresponding to the different operation tasks in each data service are determined, thereby determining the data access range of each data service corresponding to that hierarchical organization and the restrictions that each operation task in each data service places on the data access range.
3. The data access method based on the data isolation model as claimed in claim 1, wherein the data access right of each access role is the data access right of the minimum data access range necessary for the access role to access the corresponding data service.
4. The data access method based on the data isolation model according to claim 1, characterized in that, during data access, after the accessed service database range has been isolated and limited, the data access permissions of the corresponding access role are given to the access user according to the role authority label of the access role corresponding to the accessed data service, so as to perform data access permission control; if and only if an operation task in the data service is executed and the corresponding operation task is activated and executed, the role authority label of the corresponding sub-role is configured according to that operation task, the data access permissions of the corresponding sub-role are given to the access user, and data access permission control is performed; when the operation task in the data service is completed, the role authority label of the sub-role corresponding to that operation task is immediately recovered, the access user's data access permissions of that sub-role are cancelled, and data access permission control is performed on the access user using the data access permissions of the access role to which the sub-role belongs.
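
The following added example (not part of the patent) models the flow of claims 1 to 4 in Python: isolation by organization subtree, one access role per data service, and a sub-role label that is configured only while its operation task runs. The organization names, records, permission names, and the rule that an organization's range covers its own subtree are assumptions made for the illustration.

```python
from contextlib import contextmanager

# Constructed organization tree (claim 2): child -> parent, root has no parent.
ORG_PARENT = {"hq": None, "branch_a": "hq", "branch_b": "hq", "office_a1": "branch_a"}
# Constructed records, each tagged with its owning organization and data service.
RECORDS = {1: {"org": "branch_a", "service": "billing"},
           2: {"org": "office_a1", "service": "billing"},
           3: {"org": "branch_b", "service": "billing"}}
# Access role per data service: the minimum permissions for that service (claim 3).
ROLE_PERMS = {"billing": {"read"}}
# Sub-role per operation task: extra permissions on top of its access role (claim 1).
SUB_ROLE_EXTRA = {("billing", "refund"): {"write"}}

def in_scope(user_org, record_org):
    """Isolation model (assumed): an organization sees its own subtree only."""
    node = record_org
    while node is not None:
        if node == user_org:
            return True
        node = ORG_PARENT[node]
    return False

class Session:
    def __init__(self, org, service):
        self.org, self.service = org, service
        self.task_labels = set()  # sub-role labels currently configured

    def permissions(self):
        perms = set(ROLE_PERMS[self.service])  # access-role label is always present
        for label in self.task_labels:
            perms |= SUB_ROLE_EXTRA[label]
        return perms

    @contextmanager
    def task(self, name):
        """Configure the sub-role label only while the task runs (claim 4)."""
        label = (self.service, name)
        if label not in SUB_ROLE_EXTRA:
            raise PermissionError(f"no sub-role for task {name!r}")
        self.task_labels.add(label)
        try:
            yield self
        finally:
            self.task_labels.discard(label)  # recovered even if the task fails

    def allowed(self, record_id, perm):
        rec = RECORDS[record_id]
        return (in_scope(self.org, rec["org"])          # isolation check first
                and rec["service"] == self.service
                and perm in self.permissions())
```

Because the isolation check runs before the permission check, a sub-role's extra permission never reaches records outside the user's organization range, and the `finally` clause returns the session to the access role's permissions even when the task raises.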

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810246186.7A CN108416230B (en) 2018-03-23 2018-03-23 Data access method based on data isolation model

Publications (2)

Publication Number Publication Date
CN108416230A CN108416230A (en) 2018-08-17
CN108416230B true CN108416230B (en) 2019-12-20

Family

ID=63132343

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810246186.7A Active CN108416230B (en) 2018-03-23 2018-03-23 Data access method based on data isolation model

Country Status (1)

Country Link
CN (1) CN108416230B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109460675A (en) * 2018-10-26 2019-03-12 温州博盈科技有限公司 A kind of enterprise information security management method
CN110188517B (en) * 2018-12-14 2021-12-28 浙江宇视科技有限公司 User account login method and device based on role mode
CN109829331B (en) * 2018-12-28 2021-06-22 金螳螂家装电子商务(苏州)有限公司 Data management method based on decoration chain enterprise employee unified authority
CN110175437A (en) * 2019-04-11 2019-08-27 全球能源互联网研究院有限公司 It is a kind of for access terminal authorization control method, apparatus and host terminal
CN110516450B (en) * 2019-07-23 2023-06-20 平安科技(深圳)有限公司 Data acquisition authority management and control method, electronic device and computer readable storage medium
CN110569657B (en) * 2019-09-10 2021-10-29 北京字节跳动网络技术有限公司 Data access method, device, equipment and storage medium
CN111079182B (en) * 2019-12-18 2022-11-29 北京百度网讯科技有限公司 Data processing method, device, equipment and storage medium
CN113407929A (en) * 2021-02-05 2021-09-17 北京理工大学 Access authorization method and system for research and development design resources
CN114567504B (en) * 2022-03-07 2023-08-25 福建天晴在线互动科技有限公司 Dynamic authority cross management method and system based on web architecture

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8181230B2 (en) * 2008-06-30 2012-05-15 International Business Machines Corporation System and method for adaptive approximating of a user for role authorization in a hierarchical inter-organizational model
CN104331776A (en) * 2014-11-18 2015-02-04 国家电网公司 Electric power data application management platform
CN104537488A (en) * 2014-12-29 2015-04-22 中国南方电网有限责任公司 Enterprise-level information system function authority unified management method
CN106407823A (en) * 2016-09-26 2017-02-15 中国科学院计算技术研究所 A multi-granularity and multi-intensity access control method and system
CN107506655A (en) * 2017-08-08 2017-12-22 北京盛华安信息技术有限公司 Data permission distributes the method with access control

Also Published As

Publication number Publication date
CN108416230A (en) 2018-08-17

Similar Documents

Publication Publication Date Title
CN108416230B (en) Data access method based on data isolation model
CN109981552B (en) Authority distribution method and device
US7284000B2 (en) Automatic policy generation based on role entitlements and identity attributes
CN111935131A (en) SaaS resource access control method based on resource authority tree
CN103617485A (en) Uniform authority management and deployment system
CN105184144A (en) Multi-system privilege management method
CN110430250B (en) Computer system integrated push project management method, storage medium and device
CN104463015A (en) Authority management method and device
CN111475784A (en) Authority management method and device
EP3185507B1 (en) Access control method and apparatus
CN106878325A (en) A kind of method and device for determining access privilege
CN106372469A (en) Process-based database permission automated management system meeting international auditing standards
CN114372098A (en) Platform and method for protecting and mining power data middling station private data based on privileged account management
CN111880921A (en) Job processing method and device based on rule engine and computer equipment
CN109033861B (en) Method for authorizing authorized operator in system
CN105335664A (en) Permission management system based on B/S mode
CN105243337A (en) Permission control system and method
CN106682821A (en) Unified management control method for rail transit system users
CN111047301A (en) Spacecraft development process management system and method
CN111611220A (en) File sharing method and system based on hierarchical nodes
CN115455388A (en) Authority-based hierarchical management method and system
CN114491498A (en) Wind power plant central monitoring login system based on permission classification
CN113541959A (en) Construction project management system and method
Xihua et al. Blockchain mechanism for resolving privacy issues in a smart city
CN113347202A (en) Account identification management system of centralized account management and control platform

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant