CN108830101A

CN108830101A - Application permission configuration method and device based on tables of data

Info

Publication number: CN108830101A
Application number: CN201810564490.6A
Authority: CN
Inventors: 徐皓
Original assignee: Beijing Qihoo Technology Co Ltd
Current assignee: Beijing Qihoo Technology Co Ltd
Priority date: 2018-06-04
Filing date: 2018-06-04
Publication date: 2018-11-16

Abstract

The invention discloses a kind of application permission configuration method and device based on tables of data.Wherein, by preset resource data table storage resource information, permission is stored by preset permissions data table and controls information；The incidence relation between each permission control information in each resource information and device permissions data table in determining device resource data table；According to device incidence relation and each application and the corresponding relationship between each resource information, corresponding application permission information is applied with this for each application configuration；Wherein, device application permission information includes：This applies corresponding resource information, and controls information using the corresponding permission of corresponding resource information with this.Using scheme provided by the invention, resource corresponding to each different application and its permission can individually be managed, also, rights management mode is flexible, scalability is stronger.

Description

Application permission configuration method and device based on tables of data

Technical field

The present invention relates to field of computer technology, and in particular to a kind of application permission configuration method and dress based on tables of data It sets.

Background technique

Currently, with the development of science and technology, computer science and technology is widely used in every field. As the direction of management information system towards mostly application, multi-user continue to develop, the safety problem of system also gradually receives people Concern.And rights management is used as and guarantees the indispensable component part of whole system data safety, in modern software system In possess consequence.Reliability, safety and the stability of rights management directly affect the normal operation of system.

For being often directed to some specific resource due to permission, in existing permission control mode, Usually the management object of the corresponding permission of each resource in application system property as a whole is managed.Example Such as, for the various menu formula resource for including in application, each menu permission corresponding with the menu is carried out respectively The management object for indicating the permission of the menu is obtained after binding.

But inventor has found in the implementation of the present invention, aforesaid way in the prior art at least exists as follows Defect：Since the corresponding permission of resource is managed as a management object, before carrying out permission control, It needs to know in advance the type and quantity of whole resources, and is directed to the corresponding permission of each resource distribution respectively, thus by each The corresponding permission of resource binds a management object.So, when needing the type and quantity to resource to adjust It is whole, or when modifying to the type of permission, then need to redefine between resource adjusted and its corresponding permission Corresponding relationship, and new management object is regenerated, and then need to rewrite program code and be directed to new management pair to realize The management of elephant operates.It can be seen that the scalability of existing way is poor, resource category can not be applied to and/or permission type is flexible In changeable application scenarios.

Summary of the invention

In view of the above problems, it proposes on the present invention overcomes the above problem or at least be partially solved in order to provide one kind State the application permission configuration method and device based on tables of data of problem.

According to an aspect of the invention, there is provided the application permission configuration method based on tables of data, including：

By preset resource data table storage resource information, permission control letter is stored by preset permissions data table Breath；

Determine each resource information in the resource data table and each permission control in the permissions data table Incidence relation between information；

It is each application according to the incidence relation and each application and the corresponding relationship between each resource information Configuration applies corresponding application permission information with this；

Wherein, the application permission information includes：This applies corresponding resource information, and applies corresponding resource with this The corresponding permission of information controls information.

According to a further aspect of the present invention, the application permission configuration device based on tables of data is provided, including：

Memory module is suitable for depositing by preset resource data table storage resource information by preset permissions data table It stores up permission and controls information；

First determining module, each resource information being adapted to determine that in the resource data table and the permissions data table In each permission control information between incidence relation；

First configuration module is suitable for according to the incidence relation and each application and pair between each resource information It should be related to, apply corresponding application permission information with this for each application configuration；

According to another aspect of the invention, a kind of electronic equipment is provided, including：Processor, memory, communication interface and Communication bus, processor, memory and communication interface complete mutual communication by communication bus；

For memory for storing an at least executable instruction, it is above-mentioned based on tables of data that executable instruction executes processor The corresponding operation of application permission configuration method.

In accordance with a further aspect of the present invention, a kind of computer storage medium is provided, at least one is stored in storage medium Executable instruction, executable instruction make processor execute such as the above-mentioned corresponding behaviour of application permission configuration method based on tables of data Make.

Disclosed application permission configuration method and device based on tables of data according to the present invention, can be by resource and permission point Not Zuo Wei two independent management objects be managed, and by access authorization for resource contingency table to two manage objects between association Relationship is managed, and by addition application message, so that access authorization for resource contingency table is upgraded to application permission table, and then right Resource corresponding to each different application and its permission are individually managed.In this approach, resource and/or power are if desired modified The type and quantity of limit only need to accordingly modify the tables of data where corresponding management object, without redefining new pipe Reason object simultaneously rewrites control routine for new management object, and therefore, rights management mode is flexible, and scalability is stronger, The type and quantity for being particularly suitable for resource and permission can not predefine, the applied field for needing to be adjusted flexibly in use Scape.And it can also realize following effect：It can be managed, avoid individually for each for the permission of multiple applications simultaneously The troublesome operation of the corresponding permission of a application and development.And after using modification (such as after newly-increased or one application of deletion), only It need to be modified by corresponding operation interface to corresponding tables of data, entire program code is not necessarily to carry out any change, To improve the scalability of program.

The above description is only an overview of the technical scheme of the present invention, in order to better understand the technical means of the present invention, And it can be implemented in accordance with the contents of the specification, and in order to allow above and other objects of the present invention, feature and advantage can It is clearer and more comprehensible, the followings are specific embodiments of the present invention.

Detailed description of the invention

By reading the following detailed description of the preferred embodiment, various other advantages and benefits are common for this field Technical staff will become clear.The drawings are only for the purpose of illustrating a preferred embodiment, and is not considered as to the present invention Limitation.And throughout the drawings, the same reference numbers will be used to refer to the same parts.In the accompanying drawings：

Fig. 1 shows the flow diagram of the access authorization for resource configuration method based on tables of data of the embodiment of the present invention one；

Fig. 2 shows the flow diagrams of the access authorization for resource management method of the embodiment of the present invention two；

Fig. 3 shows the flow diagram of the access authorization for resource management method of the embodiment of the present invention three；

Fig. 4 shows the flow diagram of the application permission configuration method based on tables of data of the embodiment of the present invention four；

Fig. 5 is shown according to resource data table Res provided by the embodiments of the present application, permissions data table PermDef, resource power Limit the relation schematic diagram between contingency table RB；

Fig. 6 shows the functional block diagram of the application permission configuration device based on tables of data of the embodiment of the present invention five；

Fig. 7 shows the structural schematic diagram of a kind of electronic equipment of the embodiment of the present invention six.

Specific embodiment

Exemplary embodiments of the present disclosure are described in more detail below with reference to accompanying drawings.Although showing the disclosure in attached drawing Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure without should be by embodiments set forth here It is limited.On the contrary, these embodiments are provided to facilitate a more thoroughly understanding of the present invention, and can be by the scope of the present disclosure It is fully disclosed to those skilled in the art.

Fig. 1 shows the flow diagram of the access authorization for resource configuration method based on tables of data of the embodiment of the present invention one.Such as Shown in Fig. 1, this method includes：

Step S101 is stored by preset permissions data table and is weighed by preset resource data table storage resource information Limit control information.

Wherein, for storing various resource informations, which can provide resource data table for menu resource, data Source, button resource, table resource, file resource, page elements resource etc. can also be it other than the resource for the above-mentioned type Its resource information.Permissions data table is for storing various permissions control information, wherein above-mentioned permission control information such as can be with For visible class permission, such as be visible control authority to some button, some picture on the page, can also be weighed for readable class Limit, revises permission, access authority of menu etc. to upper transmitting file at the operating right of writeable class permission, functional module, in addition to for It can also be other types of permission outside above-mentioned permission.

In order to make it easy to understand, Fig. 5 is shown according to resource data table Res provided by the embodiments of the present application, permissions data table Relation schematic diagram between PermDef, access authorization for resource contingency table RB.As shown in figure 5, resource data table Res can store menu 1, the resource informations such as menu 2, table 1；Permissions data table PermDef can store visible permission, can operating right, read-only authority etc. Permission controls information.It is worth noting that, the resource data table Res, permissions data table PermDef shown in Fig. 5 are merely illustrative The type and quantity of schematic diagram, resource information and permission control information in actual conditions are usually more, and Fig. 5 is only simplified shows It is intended to.

Resource information and permission control information are stored can respectively by presetting resource data table, permissions data table respectively Get up, to make resource information and permission control information respectively as two mutually independent control objects, and then convenient for rear It is individually managed in continuous step for two control objects.

Step S102 passes through each resource information and power in preset access authorization for resource contingency table storage resource tables of data Limit the incidence relation between each permission control information in tables of data.

Wherein, above-mentioned incidence relation is used to indicate contacting between resource information and permission control information, specifically may include Diversified forms.For example, can control information for each resource information and each permission and distinguish one-to-one incidence relation, may be used also Think that multiple resource informations correspond to the incidence relation of a permission control information or a resource information corresponds to multiple power The incidence relation of limit control information.By implement the step can be separately provided resource data table storage resource information and The permission control information association of permissions data table storage is got up, thus to two management object (i.e. resource informations and permission number It is believed that breath) between incidence relation be managed.

As shown in figure 5, access authorization for resource contingency table RB is for each resource information and permission in storage resource tables of data The incidence relation between each permission control information in tables of data.Above-mentioned incidence relation can be such as money as shown in Figure 5 The incidence relation of menu 1 and visible permissions mapping in the permission contingency table RB of source, menu 2 and can operating right mapping association close System, the incidence relation of table 1 and read-only authority mapping.It is worth noting that, the access authorization for resource contingency table RB shown in above-mentioned Fig. 5 is only Simplified illustrative diagram.In actual conditions, access authorization for resource contingency table is likely more complexity.

Step S103 is the corresponding power of each resource information configuration in resource data table according to access authorization for resource contingency table Limit control information.

According in resource information each in access authorization for resource contingency table and permissions data table each permission control information it Between incidence relation, corresponding permission can be configured for each resource information in resource data table and control information, to realize pair The permission control effect answered.By the above-mentioned means, can be managed using resource and permission as individual management object, And the corresponding relationship between two management objects is determined by access authorization for resource contingency table, to realize the purpose convenient for extension.

In addition, in traditional rights management mode, due to the type and quantity and the corresponding power of each resource of resource Limit type can be known and immobilize in advance, therefore, carry out pipe using resource and its corresponding permission as a management object Reason is feasible.For example, bank web page is divided into two versions of professional version and public version, respectively face in banking system To different grades of user, correspondingly, the resource of variety classes and quantity is separately included in the webpage of two versions, and each Resource and its corresponding permission are changeless：In professional version webpage comprising " transferring accounts ", " financing " and " inquire it is bright Carefully " three menus, and then only include " transferring accounts " this menu in public version webpage, correspondingly, by the various menu and its right The control authority answered, which is tied to a management object and is managed, is fully able to meet the needs of above-mentioned scene.Therefore, existing In mode, management object and its corresponding operation logic after binding are directly fixed in program code, if do not reprogram Words can not carry out any change to resource and permission.But inventor has found in the implementation of the present invention：Certain specific Application scenarios in, the type and quantity of menu can not often predefine, thereby increases and it is possible to the update of business dynamic change, Therefore, in the present embodiment, resource and its corresponding permission are split as two mutually independent management objects and carry out pipe respectively Reason, and established by access authorization for resource contingency table and safeguard the connection between two management objects.Further optionally, in order to just In modification, the operation interface for operating each tables of data is reserved in program code, will pass through corresponding operation interface It modifies to corresponding tables of data, to realize the purpose of the update based on tables of data and renewal authority configuration mode.

It optionally, in the present embodiment, further comprise following step S104 to step S106.

Step S104, according to receive resource updates request and/or permission update request, update resource data table and/ Or permissions data table.

Wherein, for carrying out various updates to the resource information in resource data table, permission update is asked for resource updates request It asks for carrying out various updates to the permission control information in permissions data table.The type of above-mentioned resource updates request includes following At least one of：Insertion type for being inserted into newly-increased resource information, the deletion type for deleting existing resource information；Power The type that limit updates request includes at least one of the following：For being inserted into the insertion type of newly-increased permission control information, being used for Delete the deletion type for having had permission control information.Specifically, resource updates request and/or permission update request can be by default Command format is sent, for example, can be realized by maintenance personnel in such a way that control backstage inputs corresponding control command.Or Person is intuitively managed for the ease of maintenance personnel, remains for operating the behaviour of each tables of data in advance in program code in advance Make interface：Permission more new interface for updating the resource updates interface of resource data table and for renewal authority tables of data. Above-mentioned resource updates interface and permission more new interface can be arranged by a variety of realizations such as corresponding input frame, drop-down table, buttons In the operation interface, in order to maintenance personnel's operation.Correspondingly, resource updates request is connect by preset resource updates interface It receives, permission updates request and updates interface by preset permission.It, will be according to the resource after receiving resource updates request Update the data content in the corresponding modification resource data table of request；It similarly, will be according to the power after receiving permission update request Limit updates the data content requested in corresponding modification authority tables of data.In addition, when this method is applied to big data scene, due to Resource and its permission it is many kinds of, therefore, for the ease of management, resource data table and permissions data table can be pressed respectively Be divided into multiple resource subdatasheets and permission subdatasheet according to default classifying rules, correspondingly, resource updates request and/ Or permission is updated in request and is identified comprising corresponding tables of data, quickly to determine subnumber to be updated according to tables of data mark According to the specific storage location of table.

For example, it is assumed that in a particular application, it may be necessary to the type and quantity of resource are modified, for example, for existing resource Corresponding junior's child resource is set, such as further adds the resources such as second-level menu or control button under further menu, at this time Newly-increased resource information need to be inputted, by resource updates interface only to expand resource data table.It it may also be desirable to The type of permission control information is refined, for example, the control authority of existing resource is directed to different types of subscriber segmentation It is a variety of, such as " checking user information " this menu resource, primary user, which is only capable of checking in user information, includes Telephone number, secondary user then can behavior event to include in searching user's information, three-level user even can inquire use The detailed address for including in the information of family, at this point, only newly-increased various permissions need to be inputted by permission more new interface controls information (example The permission such as checked the permission of behavior event, check detailed address), and in the next steps by itself and corresponding menu resource It is associated.

Step S105 updates access authorization for resource contingency table according to updated resource data table and/or permissions data table.

Specifically, it when resource updates request is deletion type and/or permission update request is to delete type, is weighed from resource It limits and deletes data record relevant to resource updates request and/or permission update request in contingency table；When resource updates request is It is inserted into type and/or permission updates when requesting to be inserted into type, controlled and believed according to permission corresponding with the resource information of insertion Breath and/or resource information corresponding with the permission of insertion control information, add corresponding data in access authorization for resource contingency table Record.Such as by the newly-increased resource information of resource updates interface input after, then need further by newly-increased resource information with The incidence relation of its corresponding permission control information is added in access authorization for resource contingency table.For another example, when pass through permission more new interface After the newly-increased various permissions control information of input, need to control the permission increased newly into the association between the corresponding resource of information Relationship is added in access authorization for resource contingency table.

It is alternatively possible to which obtaining permission corresponding with the resource information of insertion by preset configuration interface controls information And/or resource information corresponding with the permission of insertion control information, corresponding data note is added in access authorization for resource contingency table Record.Wherein, above-mentioned configuration interface includes：The first kind for configuring corresponding permission control information for the resource information of insertion is matched Interface is set, and/or, the second class for controlling the corresponding resource information of information configuration for the permission for insertion configures interface.Wherein, Above-mentioned configuration interface can be the new with this of the automatic spring after user is by the newly-increased resource information of resource updates interface input The corresponding configuration interface of the resource information of increasing, the configuration interface can voluntarily be inputted by way of input frame and be increased newly by user The corresponding permission of resource controls information, permission corresponding with newly-increased resource can also be selected to control by user by way of combobox Information.Above-mentioned resource updates interface also could alternatively be permission more new interface, and correspondingly, configuration interface can input and permission control The corresponding resource information of information processed.In short, related program code can be called by configuring interface quickly to modify resource Data content in permission contingency table realizes the convenient matching between newly-increased resource and permission, to improve more new resources power Limit the efficiency of contingency table.

Step S106, according to updated access authorization for resource contingency table, be in resource data table with resource updates request and/or Permission updates the relevant each corresponding permission of Web Service of request and controls information.

It is resource data according to updated access authorization for resource contingency table after being finished to the update of access authorization for resource contingency table The corresponding permission of the relevant each Web Service of request is updated with resource updates request and/or permission in table controls information, So as to the authority configuration situation of each resource of adaptation.

In conclusion in the present embodiment, resource and permission are split as two independent tables of data and are managed, and Association between the two is established by access authorization for resource contingency table, and remains for operating the operation of each tables of data in advance in a program Interface (including resource updates interface mentioned above, permission more new interface and configuration interface), and the table knot of each tables of data Structure be it is fixed, correspondingly, be preset in program code for being visited according to the table structure of each tables of data tables of data The data table access sentence asked, since table structure immobilizes, data table access sentence can be directly fixed in program generation It, only need to be by reserved for operating the operation interface of each tables of data when needing to modify the content of tables of data in code Realize to the modification of table content (such as can be inputted by resource updates interface newly-increased resource name and in Background scheduling it is corresponding Insert sentence realizes resource addition operation), it can be seen that, data table access sentence is not necessarily to the update with table content and modifies, Therefore, it after resource or permission are modified, need to only be modified by corresponding operation interface to corresponding tables of data, entirely Program code is without carrying out any change, to improve the scalability of program.This kind of mode is particularly suitable for the big of complexity In data application scene, and it can not predefine or be needed in the dynamically scene of adjustment in the type and quantity of resource and permission It is especially suitable.

Fig. 2 shows the flow diagrams of the access authorization for resource management method of the embodiment of the present invention two.As shown in Fig. 2, the party Method includes：

Step S201 is stored by preset permissions data table and is weighed by preset resource data table storage resource information Limit control information.

The detail of this step can refer to the description of step S101 in embodiment one, and details are not described herein again.Pass through difference Default resource data table, permissions data table can store respectively resource information and permission control information, to make resource Information and permission control information are convenient for being directed to two in the next steps respectively as two mutually independent control objects Control object is individually managed.

Step S202 determines each resource information in resource data table and each permission control in permissions data table Incidence relation between information.

Wherein, above-mentioned incidence relation is used to indicate contacting between resource information and permission control information, specifically may include Diversified forms.For example, can control information for each resource information and each permission and distinguish one-to-one incidence relation, may be used also Think that multiple resource informations correspond to the incidence relation of a permission control information or a resource information corresponds to multiple power The incidence relation of limit control information.By implement the step can be separately provided resource data table storage resource information and The permission control information association of permissions data table storage is got up.When it is implemented, can directly referring in embodiment one about resource The part of permission contingency table determines above-mentioned incidence relation.

Step S203 configures user corresponding with the terminal user according to above-mentioned incidence relation for each terminal user Authority information.

Wherein, user right information includes：The corresponding resource information of the terminal user, and it is corresponding with the terminal user The corresponding permission of resource information controls information.When it is implemented, the user right information is equivalent to money in example 1 User information is further increased on the basis of the permission contingency table of source, which can be deposited by individual user's table Storage, i.e.,：Will be interrelated between user's table, resource data table and permissions data table three by user right information, Each user corresponding with the resource and its corresponding authority information has been determined for each resource.By the above-mentioned means, energy It is enough to be managed user, resource and permission as individual management object, and three are determined by user right information The corresponding relationship between object is managed, to realize the purpose convenient for extension.

It optionally, in the present embodiment, further comprise following step S204 to step S106.

Step S204 stores the corresponding user right information of each terminal user by preset user right table.

Wherein, for storing above-mentioned user right information, which is equivalent to user's table, money user right table The tables of data that source data table and permissions data table three obtain after being associated.The user right table can be according to the use received Family updates request and is updated, and user updates request and sent by preset user more new interface；Wherein, user updates request Type include：It is inserted into type, deletes type, and/or modification type.Wherein, user's more new interface is mainly used for user's table In information be modified, such as add or delete user etc..

Step S205 is determined and is wrapped in user right table according to the user identifier for including in the permission inquiry request received The query result corresponding with permission inquiry request contained.

For example, when user terminal needs to access a certain resource, can to Rights Management System sending permission inquiry request, Query result corresponding with the user can be determined according to user identifier wherein included.Specifically, which can be with It is permission control information of the user for all resources, thus the permission situation of the thorough search user；Alternatively, can also be The user controls information for the permission of specific resources, so that it is determined that whether the user has permission for specific resources execution pair The operation answered, at this time, it may be necessary to further include resource identification in permission inquiry request；Alternatively, can also further be looked into permission It askes in request comprising resource identification and permission control mark, whether has the right to execute to inquire the user for specific resources A certain permission, and then the processing such as let pass or intercept is executed according to respective operations of the query result to the user.

Step S206, according to receive resource updates request and/or permission update request, update resource data table and/ Or permissions data table；According to updated resource data table and/or permissions data table, updated with resource more in user right table New request and/or permission update the corresponding user right information of the relevant each terminal user of request.

Wherein, by preset resource updates interface, permission updates request and passes through preset power for resource updates request Limit updates interface.Request and resource updates interface and permission more new interface are updated about resource updates request and permission Detail can refer to the description of step S104 in embodiment one, and details are not described herein again.

Specifically, it when resource updates request is deletion type and/or permission update request is to delete type, is weighed from user It limits and deletes data record relevant to resource updates request and/or permission update request in table；When resource updates request is insertion When type and/or permission update request for insertion type, according to permission corresponding with the resource information of insertion control information and/ Or resource information corresponding with the permission of insertion control information, corresponding data record is added in user right table.It is optional Ground, can be obtained by preset configuration interface with the resource information corresponding permission control information of insertion and/or with insertion The corresponding resource information of permission control information, corresponding data record is added in user right table.Wherein, above-mentioned configuration Interface includes：The first kind for configuring corresponding permission control information for the resource information of insertion configures interface, and/or, it uses Interface is configured in the second class that the permission for insertion controls the corresponding resource information of information configuration.Update about user right table Mode can be directly referring to the update mode in one S104 of embodiment about access authorization for resource contingency table, about the setting side for configuring interface Formula can be directly referring to the set-up mode in one S104 of embodiment about configuration interface, and details are not described herein again.

In conclusion in the present embodiment, by increasing relevant user in access authorization for resource contingency table in example 1 Information, so that access authorization for resource contingency table is upgraded to user right table, and then can be to money corresponding to each different user Source and its permission are individually managed.The present embodiment is the corresponding improvement embodiment of embodiment one, and therefore, the present embodiment necessarily has There are whole advantages of embodiment one, on this basis, additionally it is possible to realize following effect：The type for the resource that different user is seen and Quantity may be different, and the type of the corresponding permission of resource may also be different, therefore, can be to each user by user right table Permission carry out flexible management.

Fig. 3 shows the flow diagram of the access authorization for resource management method of the embodiment of the present invention three.As shown in figure 3, the party Method includes：

Step S301 is pre-configured with user role corresponding to each terminal user.

Wherein, terminal user is each user for including in application system, can specifically be stored by user's table.At this It in embodiment, is managed for the ease of the terminal user to magnanimity, is further provided with multiple user roles, including but unlimited In：Administrator, department manager A, the common employee of A department, department manager B etc..In the present embodiment, default the terminal of same role The control authority of user be it is identical, thus, it is possible to identical permission control mode is multiplexed into the use of magnanimity by role In family, so that the management for mass users brings convenience.When it is implemented, can be configured in preset user role table each User role corresponding to terminal user stores the corresponding pass between terminal user and its user role by user role table System.

Step S302 is determined in each resource information and the preset permissions data table in preset resource data table Incidence relation between each permission control information.

Resource information and permission control information are stored can respectively by presetting resource data table, permissions data table respectively Get up, to make resource information and permission control information respectively as two mutually independent control objects, and then convenient for rear It is individually managed in continuous step for two control objects.When it is implemented, can refer in embodiment one about resource data Table, permissions data table and access authorization for resource contingency table etc. partially determine above-mentioned incidence relation, and details are not described herein again.

Step S303 configures role corresponding with the user role according to above-mentioned incidence relation for each user role Authority information.

Wherein, role-security information includes：The corresponding resource information of the user role, and it is corresponding with the user role The corresponding permission of resource information controls information.When it is implemented, the role-security information is equivalent to money in example 1 User role information is further increased on the basis of the permission contingency table of source, which can pass through individual role's table It is stored, i.e.,：It will be interrelated between role's table, resource data table and permissions data table three by role-security information Get up, each role corresponding with the resource and its corresponding authority information has been determined for each resource.Pass through above-mentioned side Formula can be managed role, resource and permission as individual management object, and be determined by role-security information Corresponding relationship between three management objects, to realize the purpose convenient for extension.

It optionally, in the present embodiment, further comprise following step S304 to step S306.

Step S304 stores the corresponding role-security information of each user role by preset role-security table.

Wherein, for storing above-mentioned role-security information, which is equivalent to role's table, money role-security table The tables of data that source data table and permissions data table three obtain after being associated.The role-security table can be according to the angle received Color updates request and is updated, and update of role request is sent by preset update of role interface；Wherein, update of role is requested Type include：It is inserted into type, deletes type, and/or modification type.Wherein, update of role interface is mainly used for diagonal color table In information be modified, such as add or delete role and its corresponding user etc..

Step S305, according to the user identifier for including in the permission inquiry request received, inquire in user role table with The corresponding user role of the user identifier；According to role-security table and user role corresponding with the user identifier, really Fixed corresponding query result.

For example, when user terminal needs to access a certain resource, can to Rights Management System sending permission inquiry request, User role corresponding with the user, and then basis can be determined according to user identifier wherein included and user role table Role-security table determines corresponding query result.Specifically, the role where which can be the user is directed to all The permission of resource controls information, thus the permission situation of role where the thorough search user；Alternatively, can also be the user institute Information is controlled for the permission of specific resources in role, so that it is determined that whether role where the user has permission for the specific money Source executes corresponding operation, at this time, it may be necessary to further include resource identification in permission inquiry request；Alternatively, can also be further Comprising resource identification and permission control mark in permission inquiry request, to inquire user place role for specific money Whether source has the right to execute a certain permission, and then is executed according to respective operations of the query result to the user and let pass or intercept etc. Reason.

Step S306, according to receive resource updates request and/or permission update request, update resource data table and/ Or permissions data table；According to updated resource data table and/or permissions data table, updated with resource more in role-security table New request and/or permission update the corresponding role-security information of the relevant each user role of request.

Specifically, it when resource updates request is deletion type and/or permission update request is to delete type, is weighed from role It limits and deletes data record relevant to resource updates request and/or permission update request in table；When resource updates request is insertion When type and/or permission update request for insertion type, according to permission corresponding with the resource information of insertion control information and/ Or resource information corresponding with the permission of insertion control information, corresponding data record is added in role-security table.

It is alternatively possible to which obtaining permission corresponding with the resource information of insertion by preset configuration interface controls information And/or resource information corresponding with the permission of insertion control information, corresponding data record is added in role-security table.Its In, above-mentioned configuration interface includes：First kind configuration for configuring corresponding permission control information for the resource information of insertion connects Mouthful, and/or, the second class for controlling the corresponding resource information of information configuration for the permission for insertion configures interface.About role The update mode of authority list can be directly referring to the update mode in one S104 of embodiment about access authorization for resource contingency table, about configuration The set-up mode of interface can be directly referring to the set-up mode in one S104 of embodiment about configuration interface, and details are not described herein again.

In conclusion in the present embodiment, by increasing Role Information on the basis of example 2, so that resource be weighed Limit contingency table upgrades to role-security table, and then can individually be managed to resource corresponding to each different role and its permission Reason.The present embodiment is the corresponding improvement embodiment of embodiment two, and therefore, the present embodiment necessarily has the whole of embodiment one, two Advantage, on this basis, additionally it is possible to realize following effect：It is managed collectively convenient for the user to different role, improves use The efficiency of family management.For example, can be multiclass according to grade classification by user, it be directed to the corresponding angle of every class user setting respectively Color, and the corresponding resource of corresponding configuration and its permission, to realize the resource and its be able to access that the user of different role sees The effect that is all different of permission, provide convenience for the management of mass users, be particularly suitable for complicated multi-user and big number According in scene.

Fig. 4 shows the flow diagram of the application permission configuration method based on tables of data of the embodiment of the present invention four.Such as Shown in Fig. 4, this method includes：

Step S401 is stored by preset permissions data table and is weighed by preset resource data table storage resource information Limit control information.

Step S402 determines each resource information in resource data table and each permission control in permissions data table Incidence relation between information.

Wherein, above-mentioned incidence relation is used to indicate contacting between resource information and permission control information, specifically may include Diversified forms.The resource information and permissions data table of the resource data table storage being separately provided can be deposited by implementing the step The permission control information association of storage is got up.When it is implemented, can directly referring in embodiment one about access authorization for resource contingency table Part determines above-mentioned incidence relation.

Step S403, according to above-mentioned incidence relation and it is each application and the corresponding relationship between each resource information, be Each application configuration applies corresponding application permission information with this.

Wherein, application permission information includes：This applies corresponding resource information, and applies corresponding resource information with this Corresponding permission controls information.Specifically, the corresponding application permission of each application can be stored by preset application permission table Information；Wherein, application permission table can update according to the application received and request to be updated, and application updates request and passes through in advance If application more new interface send；Wherein, include using the type for updating request：It is inserted into type, deletes type, and/or modification Type.

When it is implemented, the application permission information be equivalent on the basis of access authorization for resource contingency table in example 1 into One step increases application message, which can be by individually applying table to be stored, i.e.,：It will by application permission information Using interrelated between table, resource data table and permissions data table three, determined and the money for each resource The corresponding each application in source and its corresponding authority information.By the above-mentioned means, can will apply, resource and permission are made respectively It is managed individually to manage object, and the corresponding relationship between three management objects is determined by application permission information, from And the purpose realized convenient for extension.In addition to table, resource data table and three tables of data of permissions data table will be applied interrelated Implementation except, an application field can also be added directly in the access authorization for resource contingency table of embodiment one, for depositing Store up application message, in short, the present invention to specific implementation details without limitation.

It can be seen that the main distinction between the present embodiment and above three embodiments is：It can be applied to comprehensive power It limits in management system, to manage the authority information of multiple applications simultaneously by same set of system.For example, for application one and Speech corresponds to resource A, resource B and resource C；For application two, correspond to resource A, resource C and resource D. It can be seen that resource A and resource C are existed simultaneously in two different applications, at this point, need to only be directed in application permission information Resource A and resource C adds the identification information about application one and application two simultaneously, thus the association that resource is corresponding Get up.

It optionally, in the present embodiment, further comprise following step S404 to step S406.

Step S404 stores the corresponding application permission information of each application by preset application permission table.

Wherein, for storing above-mentioned application permission information, which is equivalent to application table, money application permission table The tables of data that source data table and permissions data table three obtain after being associated.Application permission table can be according to the application received It updates request to be updated, and application updates request and sends by preset application more new interface；Wherein, using update request Type includes：It is inserted into type, deletes type, and/or modification type.Wherein, it is mainly used for using more new interface in application table Information be modified, such as add or delete using etc..

Step S405 is determined and is wrapped in application permission table according to the application identities for including in the permission inquiry request received The query result corresponding with permission inquiry request contained.

For example, when user terminal needs to access the resource in a certain application, it can be to Rights Management System sending permission Inquiry request, according to application identities wherein included can determination to be accessed application and with this using corresponding inquiry knot Fruit.Specifically, which can be the user for the permission control information of all resources in application, to look into comprehensively Ask the permission situation of the user in this application；Alternatively, can also be the user for the permission control of the specific resources in application Information processed, so that it is determined that whether the user, which has permission, executes corresponding operation for the specific resources in the application, at this time, it may be necessary to Resource identification is further included in permission inquiry request；Alternatively, can also further include resource mark in permission inquiry request Know and permission control identify, whether has the right to execute a certain permission to inquire the user for the specific resources in application, And then the processing such as let pass or intercept is executed according to respective operations of the query result to the user.

Step S406, according to receive resource updates request and/or permission update request, update resource data table and/ Or permissions data table；According to updated resource data table and/or permissions data table, updated with resource more in application permission table New request and/or permission update the corresponding application permission information of the relevant each application of request.

Specifically, when resource updates request is deletion type and/or permission update request is to delete type, from application power It limits and deletes data record relevant to resource updates request and/or permission update request in table；When resource updates request is insertion When type and/or permission update request for insertion type, according to permission corresponding with the resource information of insertion control information and/ Or resource information corresponding with the permission of insertion control information, corresponding data record is added in application permission table.It is optional Ground, can be obtained by preset configuration interface with the resource information corresponding permission control information of insertion and/or with insertion The corresponding resource information of permission control information, corresponding data record is added in application permission table.Wherein, above-mentioned configuration Interface includes：The first kind for configuring corresponding permission control information for the resource information of insertion configures interface, and/or, it uses Interface is configured in the second class that the permission for insertion controls the corresponding resource information of information configuration.Update about application permission table Mode can be directly referring to the update mode in one S104 of embodiment about access authorization for resource contingency table, about the setting side for configuring interface Formula can be directly referring to the set-up mode in one S104 of embodiment about configuration interface, and details are not described herein again.

In conclusion in the present embodiment, by increasing application message on the basis of example 1, so that resource be weighed Limit contingency table upgrades to application permission table, and then can individually be managed to resource corresponding to each different application and its permission Reason.The present embodiment is the corresponding improvement embodiment of embodiment one, and therefore, the present embodiment necessarily has the whole of embodiment one excellent Gesture, on this basis, additionally it is possible to realize following effect：It can be managed simultaneously for the permission of multiple applications, avoid list Solely it is directed to the troublesome operation of the corresponding permission of each application and development.In addition, similar with embodiment one, the present embodiment will be applied, be provided Source and permission are split as three independent tables of data respectively and are managed, and are established between three by application permission table Association, and remain for operating the operation interface of each tables of data in advance in a program (except resource updates interface mentioned above, permission Further include using more new interface outside more new interface and configuration interface), and the table structure of each tables of data (including applying table) is It is fixed, correspondingly, it is preset in program code for being accessed according to the table structure of each tables of data to tables of data Data table access sentence, since table structure immobilizes, data table access sentence can be directly fixed in program code In, it, only need to can be real by the reserved operation interface for operating each tables of data when needing to modify the content of tables of data Now to the modification of table content, it can be seen that, data table access sentence is not necessarily to the update with table content and modifies, and therefore, works as application After modification (such as after newly-increased or one application of deletion), it need to only be modified by corresponding operation interface to corresponding tables of data , entire program code is without carrying out any change, to improve the scalability of program.It can be seen that the present embodiment In, other than by resource and permission separate management, will also individually it be managed using object is individually managed as one, from And the number of applications that whole system is applicable in can be neatly adjusted, it provides convenience for development.

In addition, any combination can be carried out between aforementioned four embodiment in the present invention, i.e.,：It is corresponding in each embodiment Step can be applied to other each embodiments, and which is not limited by the present invention.For example, in example IV, it can also be pre- First configure user role corresponding to each terminal user；Then application permission information further comprises：It is corresponding with user role Resource information and its corresponding permission control information.Correspondingly, mentioned above reserved each for operating in a program The operation interface of tables of data is except resource updates interface mentioned above, permission more new interface, configuration interface and update is applied to connect It further include user's more new interface and the update of role interface in embodiment two, three, correspondingly, aforementioned four implementation except mouthful The total data table mentioned in example, including user's table, Jiao Sebiao, user role table, using table etc., table structure is fixation , it can be modified by the data table access sentence being solidificated in program code, to realize the purpose being adjusted flexibly. Furthermore it is also possible to above-mentioned each tables of data is combined, for example, establishing an association summary table so that mentioned in the present invention It is interrelated between all tables of data corresponding to all management objects (user, role, application, resource and permission), into And realize the purpose of flexible management.

Fig. 6 shows the functional block diagram of the application permission configuration device based on tables of data of the embodiment of the present invention five.Such as Fig. 6 Shown, described device includes:

Memory module 61 is suitable for passing through preset permissions data table by preset resource data table storage resource information It stores permission and controls information；

First determining module 62, each resource information and the permissions data being adapted to determine that in the resource data table The incidence relation between each permission control information in table；

First configuration module 63, be suitable for according to the incidence relation and it is each application between each resource information Corresponding relationship applies corresponding application permission information with this for each application configuration；

Optionally, wherein first configuration module 63 is particularly adapted to：Each answer is stored by preset application permission table With corresponding application permission information；

Wherein, the application permission table can update request according to the application received and be updated, and the application is more New request is sent by preset application more new interface；Wherein, the type of the application update request includes：Insertion type is deleted Except type, and/or modification type.

Optionally, wherein described device further includes the second determining module 64, is suitable for

According to the application identities for including in the permission inquiry request received, determine include in the application permission table with The corresponding query result of the permission inquiry request.

Optionally, wherein described device further comprises update module 65, is suitable for：

Request is updated according to the resource updates request received and/or permission, updates the resource data table and/or permission Tables of data；

According to updated resource data table and/or permissions data table, updated and the money in the application permission table Source updates request and/or permission updates the corresponding application permission information of the relevant each application of request.

Optionally, wherein the type of the resource updates request includes at least one of the following：It is newly spent more money on for being inserted into The insertion type of source information, the deletion type for deleting existing resource information；

The type that the permission updates request includes at least one of the following：For being inserted into newly-increased permission control information Insertion type has had permission the deletion type for controlling information for deleting.

Optionally, wherein the resource updates request is asked by preset resource updates interface, the permission update It asks and interface is updated by preset permission.

Optionally, wherein the update module 65 is particularly adapted to：

When resource updates request be type and/or the permission is deleted to update request be deletion type when, from described Data record relevant to resource updates request and/or permission update request is deleted in application permission table；

When the resource updates request be insertion type and/or the permission update request be inserted into type when, according to The corresponding permission control information of the resource information of insertion and/or resource information corresponding with the permission of insertion control information, Corresponding data record is added in the application permission table.

Optionally, wherein the update module 65 is particularly adapted to：

By preset configuration interface obtain the permission control information corresponding with the resource information of insertion and/or with The corresponding resource information of permission control information of insertion, adds corresponding data record in the application permission table；

Wherein, the configuration interface includes：The for configuring that corresponding permission controls information for the resource information of insertion One kind configuration interface, and/or, the second class configuration for controlling the corresponding resource information of information configuration for the permission for insertion connects Mouthful.

Optionally, wherein described device further comprises the second configuration module 66, is suitable for：Each terminal is pre-configured with to use User role corresponding to family；

Then the application permission information further comprises：Resource information corresponding with user role and its corresponding permission Control information.

Optionally, wherein the resource information includes at least one of the following：Menu resource, data resource, button money Source, table resource；

The permission control information includes at least one of the following：It can be seen that class permission, readable class permission, writeable class are weighed Limit.

Fig. 7 shows the structural schematic diagram of a kind of electronic equipment of the embodiment of the present invention six, and the specific embodiment of the invention is simultaneously The specific implementation of electronic equipment is not limited.

As shown in fig. 7, the electronic equipment may include：Processor (processor) 702, communication interface (Communications Interface) 704, memory (memory) 706 and communication bus 708.

Wherein：

Processor 702, communication interface 704 and memory 706 complete mutual communication by communication bus 708.

Communication interface 704, for being communicated with the network element of other equipment such as client or other servers etc..

Processor 702 can specifically execute in above-mentioned access authorization for resource management method embodiment for executing program 710 Correlation step.

Specifically, program 710 may include program code, which includes computer operation instruction.

Processor 702 may be central processor CPU or specific integrated circuit ASIC (Application Specific Integrated Circuit), or be arranged to implement the integrated electricity of one or more of the embodiment of the present invention Road.The one or more processors that electronic equipment includes can be same type of processor, such as one or more CPU；It can also To be different types of processor, such as one or more CPU and one or more ASIC.

Memory 706, for storing program 710.Memory 706 may include high speed RAM memory, it is also possible to further include Nonvolatile memory (non-volatile memory), for example, at least a magnetic disk storage.

Program 710 specifically can be used for so that processor 702 executes following operation：

In a kind of optional mode, program 710 can specifically be further used for so that processor 702 executes following behaviour Make：

The corresponding application permission information of each application is stored by preset application permission table；

Wherein, the type of the resource updates request includes at least one of the following：For being inserted into newly-increased resource information Insertion type, the deletion type for deleting existing resource information；

Wherein, by preset resource updates interface, the permission updates request and passes through for the resource updates request Preset permission updates interface.

It is pre-configured with user role corresponding to each terminal user；

Wherein, the resource information includes at least one of the following：Menu resource, data resource, button resource, table money Source；

Algorithm and display are not inherently related to any particular computer, virtual system, or other device provided herein. Various general-purpose systems can also be used together with teachings based herein.As described above, it constructs required by this kind of system Structure be obvious.In addition, the present invention is also not directed to any particular programming language.It should be understood that can use various Programming language realizes summary of the invention described herein, and the description done above to language-specific is to disclose this hair Bright preferred forms.

In the instructions provided here, numerous specific details are set forth.It is to be appreciated, however, that implementation of the invention Example can be practiced without these specific details.In some instances, well known method, structure is not been shown in detail And technology, so as not to obscure the understanding of this specification.

Similarly, it should be understood that in order to simplify the disclosure and help to understand one or more of the various inventive aspects, Above in the description of exemplary embodiment of the present invention, each feature of the invention is grouped together into single implementation sometimes In example, figure or descriptions thereof.However, the disclosed method should not be interpreted as reflecting the following intention：It is i.e. required to protect Shield the present invention claims features more more than feature expressly recited in each claim.More precisely, as following Claims reflect as, inventive aspect is all features less than single embodiment disclosed above.Therefore, Thus the claims for following specific embodiment are expressly incorporated in the specific embodiment, wherein each claim itself All as a separate embodiment of the present invention.

Those skilled in the art will understand that can be carried out adaptively to the module in the equipment in embodiment Change and they are arranged in one or more devices different from this embodiment.It can be the module or list in embodiment Member or component are combined into a module or unit or component, and furthermore they can be divided into multiple submodule or subelement or Sub-component.Other than such feature and/or at least some of process or unit exclude each other, it can use any Combination is to all features disclosed in this specification (including adjoint claim, abstract and attached drawing) and so disclosed All process or units of what method or apparatus are combined.Unless expressly stated otherwise, this specification is (including adjoint power Benefit require, abstract and attached drawing) disclosed in each feature can carry out generation with an alternative feature that provides the same, equivalent, or similar purpose It replaces.

In addition, it will be appreciated by those of skill in the art that although some embodiments described herein include other embodiments In included certain features rather than other feature, but the combination of the feature of different embodiments mean it is of the invention Within the scope of and form different embodiments.For example, in the following claims, embodiment claimed is appointed Meaning one of can in any combination mode come using.

Various component embodiments of the invention can be implemented in hardware, or to run on one or more processors Software module realize, or be implemented in a combination thereof.It will be understood by those of skill in the art that can be used in practice Microprocessor or digital signal processor (DSP) realize one in access authorization for resource managing device according to an embodiment of the present invention The some or all functions of a little or whole components.The present invention is also implemented as executing method as described herein Some or all device or device programs (for example, computer program and computer program product).Such realization Program of the invention can store on a computer-readable medium, or may be in the form of one or more signals.This The signal of sample can be downloaded from an internet website to obtain, and is perhaps provided on the carrier signal or mentions in any other forms For.

It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and ability Field technique personnel can be designed alternative embodiment without departing from the scope of the appended claims.In the claims, Any reference symbol between parentheses should not be configured to limitations on claims.Word "comprising" does not exclude the presence of not Element or step listed in the claims.Word "a" or "an" located in front of the element does not exclude the presence of multiple such Element.The present invention can be by means of including the hardware of several different elements and being come by means of properly programmed computer real It is existing.In the unit claims listing several devices, several in these devices can be through the same hardware branch To embody.The use of word first, second, and third does not indicate any sequence.These words can be explained and be run after fame Claim.

The invention also discloses：A1. a kind of application permission configuration method based on tables of data, including：

A2. method according to a1, wherein described to believe with this using corresponding application permission for each application configuration The step of breath, specifically includes：The corresponding application permission information of each application is stored by preset application permission table；

A3. the method according to A2, wherein described to believe with this using corresponding application permission for each application configuration After the step of breath, further comprise：

A4. the method according to A2 or A3, wherein described corresponding by each application of preset application permission table storage Application permission information the step of after, further comprise：

A5. method according to a4, wherein the type of the resource updates request includes at least one of the following： Insertion type for being inserted into newly-increased resource information, the deletion type for deleting existing resource information；

A6. method according to a5, wherein the resource updates request passes through preset resource updates interface, The permission updates request and updates interface by preset permission.

A7. according to any method of A4-A6, wherein described according to updated resource data table and/or permission number According to table, each terminal relevant to resource updates request and/or permission update request is updated in the application permission table The step of user's corresponding application permission information, specifically includes：

A8. the method according to A7, wherein according to permission corresponding with the resource information of insertion control information and/ Or resource information corresponding with the permission of insertion control information, corresponding data record is added in the application permission table Step specifically includes：

A9. according to any method of A2-A8, wherein before the method executes, further comprise：It is pre-configured with User role corresponding to each terminal user；

A10. according to any method of A1-A9, wherein the resource information includes at least one of the following：Dish Single resource, data resource, button resource, table resource；

B11. a kind of application permission configuration device based on tables of data, including：

B12. the device according to B11, wherein first configuration module is particularly adapted to：It is weighed by preset application Limit the corresponding application permission information of each application of table storage；

B13. device according to b12, wherein described device further includes the second determining module, is suitable for

B14. the device according to B12 or B13, wherein described device further comprises update module, is suitable for：

B15. device according to b14, wherein the type of the resource updates request includes at least one in following It is a：Insertion type for being inserted into newly-increased resource information, the deletion type for deleting existing resource information；

B16. the device according to B15, wherein the resource updates request is connect by preset resource updates interface It receives, the permission updates request and updates interface by preset permission.

B17. according to any device of B14-B16, wherein the update module is particularly adapted to：

B18. the device according to B17, wherein the update module is particularly adapted to：

B19. according to any device of B12-B18, wherein described device further comprises the second configuration module, is fitted In：It is pre-configured with user role corresponding to each terminal user；

B20. according to any device of B11-B19, wherein the resource information includes at least one of the following： Menu resource, data resource, button resource, table resource；

C21. a kind of electronic equipment, including：Processor, memory, communication interface and communication bus, the processor, institute It states memory and the communication interface completes mutual communication by the communication bus；

The memory executes the processor such as storing an at least executable instruction, the executable instruction The corresponding operation of application permission configuration method described in any one of A1-A10 based on tables of data.

D22. a kind of computer storage medium is stored with an at least executable instruction in the storage medium, described to hold Row instruction makes processor execute the corresponding behaviour of application permission configuration method based on tables of data as described in any one of A1-A10 Make.

Claims

1. a kind of application permission configuration method based on tables of data, including：

By preset resource data table storage resource information, permission is stored by preset permissions data table and controls information；

Determine each resource information in the resource data table and each permission control information in the permissions data table Between incidence relation；

It is each application configuration according to the incidence relation and each application and the corresponding relationship between each resource information Corresponding application permission information is applied with this；

Wherein, the application permission information includes：This applies corresponding resource information, and applies corresponding resource information with this Corresponding permission controls information.

2. according to the method described in claim 1, wherein, it is described for each application configuration with this using corresponding application permission The step of information, specifically includes：The corresponding application permission information of each application is stored by preset application permission table；

Wherein, the application permission table can update request according to the application received and be updated, and application update is asked It asks and is sent by preset application more new interface；Wherein, the type of the application update request includes：It is inserted into type, deletes class Type, and/or modification type.

3. according to the method described in claim 2, wherein, it is described for each application configuration with this using corresponding application permission After the step of information, further comprise：

According to the application identities for including in the permission inquiry request received, determine include in the application permission table with it is described The corresponding query result of permission inquiry request.

4. according to the method in claim 2 or 3, wherein described to store each application pair by preset application permission table After the step of application permission information answered, further comprise：

Request is updated according to the resource updates request received and/or permission, updates the resource data table and/or permissions data Table；

According to updated resource data table and/or permissions data table, updated with the resource more in the application permission table New request and/or permission update the corresponding application permission information of the relevant each application of request.

5. according to the method described in claim 4, wherein, the type of the resource updates request includes at least one in following It is a：Insertion type for being inserted into newly-increased resource information, the deletion type for deleting existing resource information；

The type that the permission updates request includes at least one of the following：For being inserted into the insertion of newly-increased permission control information Type has had permission the deletion type for controlling information for deleting.

6. according to the method described in claim 5, wherein, the resource updates request is connect by preset resource updates interface It receives, the permission updates request and updates interface by preset permission.

7. according to any method of claim 4-6, wherein described according to updated resource data table and/or permission Tables of data updates each end relevant to resource updates request and/or permission update request in the application permission table The step of end subscriber corresponding application permission information, specifically includes：

When resource updates request is deletion type and/or permission update request is to delete type, from the application Data record relevant to resource updates request and/or permission update request is deleted in authority list；

When the resource updates request be insertion type and/or the permission update request be inserted into type when, according to insertion Resource information corresponding permission control information and/or resource information corresponding with the permission of insertion control information, in institute It states and adds corresponding data record in application permission table.

8. a kind of application permission configuration device based on tables of data, including：

Memory module is suitable for storing and weighing by preset permissions data table by preset resource data table storage resource information Limit control information；

In first determining module, each resource information being adapted to determine that in the resource data table and the permissions data table Incidence relation between each permission control information；

First configuration module is suitable for according to the incidence relation and each application pass corresponding between each resource information System applies corresponding application permission information with this for each application configuration；

9. a kind of electronic equipment, including：Processor, memory, communication interface and communication bus, the processor, the storage Device and the communication interface complete mutual communication by the communication bus；

The memory executes the processor as right is wanted for storing an at least executable instruction, the executable instruction Ask the corresponding operation of application permission configuration method described in any one of 1-7 based on tables of data.

10. a kind of computer storage medium, an at least executable instruction, the executable instruction are stored in the storage medium Processor is set to execute such as the application permission configuration method corresponding behaviour of any of claims 1-7 based on tables of data Make.