CN109246079B - Authority management method, system, medium and electronic device - Google Patents
Authority management method, system, medium and electronic device Download PDFInfo
- Publication number
- CN109246079B CN109246079B CN201810874099.6A CN201810874099A CN109246079B CN 109246079 B CN109246079 B CN 109246079B CN 201810874099 A CN201810874099 A CN 201810874099A CN 109246079 B CN109246079 B CN 109246079B
- Authority
- CN
- China
- Prior art keywords
- node
- authority
- permission
- request
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Abstract
The embodiment of the invention provides a permission management method which comprises the steps of obtaining an allocation request of a first node for allocating permission to a second node, determining whether the second node already has the permission or not based on the allocation request, and allocating the permission to the second node under the condition that the second node does not have the permission. According to the method, the authority can be rapidly issued to each node through the authority distribution among the nodes, and the workload of an administrator is greatly reduced. In addition, the embodiment of the invention provides a rights management system and an electronic device.
Description
Technical Field
Embodiments of the present invention relate to the field of internet, and in particular, to a rights management method, system, medium, and electronic device.
Background
This section is intended to provide a background or context to the embodiments of the invention that are recited in the claims. The description herein is not admitted to be prior art by inclusion in this section.
In an office scene, different authorities are usually set for users with different roles, so that the work is smoothly expanded, and information is not easy to leak.
Currently, rights assignments are typically assigned by a system administrator. In some cases, a system administrator may specify a portion of users, such as project principals, as secondary administrators, who assign the permissions of others.
Disclosure of Invention
However, when new employees of a company increase rapidly, employees change their duty or change a project line, or when a company opens a project line, a large number of user permissions are required to be set, and the administrator setting permissions often cannot be timely and effectively assigned to every person, which has serious hysteresis. Such repetitive work is not significant, but has to be performed, and if the authority system is not updated timely, the work of the user is difficult to be performed, or information is leaked.
For this reason, an improved method for managing rights is highly desirable to overcome the problem of cumbersome rights management.
In this context, embodiments of the present invention are expected to provide a method for managing permissions, so that permissions can be issued to each node quickly, and workload of administrators can be reduced.
In a first aspect of embodiments of the present invention, a method for rights management is provided, including obtaining an allocation request for a first node to allocate a right to a second node, determining whether the second node already has the right based on the allocation request, and allocating the right to the second node if the second node does not have the right.
In an embodiment of the present invention, the authorization relationship among the plurality of nodes forms a tree structure, and the method further includes obtaining a query request of the first node for the authorization condition of the authority, and displaying descendant nodes of the first node in the tree structure.
In another embodiment of the present invention, the method further includes obtaining a closing request of the first node for the permission of a third node, where the third node is a descendant node of the first node in the tree structure, and closing the permission of the third node and the descendant node of the third node in the tree structure based on the closing request.
In yet another embodiment of the present invention, the method further includes obtaining a stop request of the first node for the authority of a third node, wherein the third node is a descendant node of the first node in the tree structure, and stopping the authority of the third node without stopping the authority of the descendant node of the third node in the tree structure based on the stop request.
In yet another embodiment of the present invention, the fourth node is a descendant node of the first node, and the method further comprises prohibiting the fourth node from assigning the right to the third node again.
In a second aspect of the embodiments of the present invention, there is provided a rights management system including an assignment request module, a rights determination module, and a rights assignment module. And the allocation request module is used for obtaining an allocation request of the first node for allocating the authority to the second node. A permission determination module to determine whether the second node already has the permission based on the allocation request. And the authority distributing module is used for distributing the authority to the second node under the condition that the second node does not have the authority.
In one embodiment of the invention, the authorization relationship among a plurality of nodes forms a tree structure, and the system further comprises a query request module and a permission display module. And the query request module is used for obtaining a query request of the first node for the authorization condition of the authority. And the permission display module is used for displaying the descendant nodes of the first node in the tree structure.
In another embodiment of the present invention, the system further includes a shutdown request module and an authority shutdown module. A closing request module, configured to obtain a closing request for the permission of a third node from the first node, where the third node is a descendant node of the first node in the tree structure. And the permission closing module is used for closing the permissions of the third node and the descendant nodes of the third node in the tree structure based on the closing request.
In another embodiment of the present invention, the system further comprises a stop request module and a permission stop module. A stopping request module, configured to obtain a stopping request for the permission of a third node from the first node, where the third node is a descendant node of the first node in the tree structure. And the permission stopping module is used for stopping the permission of the third node based on the stopping request without stopping the permission of the descendant nodes of the third node in the tree structure.
In a further embodiment of the present invention, the fourth node is a descendant node of the first node, and the system further includes a prohibiting module configured to prohibit the fourth node from assigning the right to the third node again.
In a third aspect of embodiments of the present invention, there is provided a medium having stored thereon executable instructions that, when executed by a processing unit, cause the processing unit to perform any of the methods described above.
In a fourth aspect of embodiments of the present invention, there is provided an electronic device, comprising a processing unit, and a storage unit having stored thereon executable instructions that, when executed by the processing unit, cause the processing unit to perform the method as described above.
According to the authority management method, the authority management system and the electronic equipment, the authority can be rapidly issued to each node through the authority distribution among the nodes, and the workload of an administrator is greatly reduced.
Drawings
The above and other objects, features and advantages of exemplary embodiments of the present invention will become readily apparent from the following detailed description read in conjunction with the accompanying drawings. Several embodiments of the invention are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which:
fig. 1 schematically shows a system architecture of a rights management method, system and electronic device according to an embodiment of the invention;
FIG. 2A schematically illustrates a flow chart of a rights management method according to an exemplary embodiment of the invention;
fig. 2B and 2C schematically illustrate a rights management method according to an exemplary embodiment of the present invention;
3A-3I schematically illustrate rights management methods according to further exemplary embodiments of the invention;
FIG. 4 schematically illustrates a block diagram of a rights management system according to an exemplary embodiment of the invention;
FIG. 5 schematically illustrates a schematic diagram of a computer-readable storage medium according to an exemplary embodiment of the present invention; and
fig. 6 schematically shows a block diagram of an electronic device according to an exemplary embodiment of the present invention.
In the drawings, the same or corresponding reference numerals indicate the same or corresponding parts.
Detailed Description
The principles and spirit of the present invention will be described with reference to a number of exemplary embodiments. It is understood that these embodiments are given solely for the purpose of enabling those skilled in the art to better understand and to practice the invention, and are not intended to limit the scope of the invention in any way. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As will be appreciated by one skilled in the art, embodiments of the present invention may be embodied as a system, apparatus, device, method, or computer program product. Accordingly, the present disclosure may be embodied in the form of: entirely hardware, entirely software (including firmware, resident software, micro-code, etc.), or a combination of hardware and software.
According to an embodiment of the invention, a method, a system, a medium and an electronic device for managing authority are provided.
Moreover, any number of elements in the drawings are by way of example and not by way of limitation, and any nomenclature is used solely for differentiation and not by way of limitation.
The principles and spirit of the present invention are explained in detail below with reference to several representative embodiments of the invention.
Summary of The Invention
The inventor finds that when new employees of a company increase rapidly, the employees change their duty or change a project line, or the company newly opens the project line, a large amount of user permissions are needed to be set, and the administrator setting permissions cannot be timely and effectively assigned to everyone, so that serious hysteresis exists. Such repetitive work is not significant, but has to be performed, and if the authority system is not updated timely, the work of the user is difficult to be performed, or information is leaked. In order to solve the problem, an exemplary embodiment of the present invention provides a rights management method, which enables rights to be quickly issued to each node through rights allocation between nodes, thereby greatly reducing the workload of an administrator. The key of the invention is that before the authority is granted, whether the granted node obtains the authority of the authority through other nodes is judged, so that a secondary or even tertiary administrator does not need to be set, all nodes have the possibility of granting the authority of other nodes, and the working efficiency is greatly improved.
Having described the general principles of the invention, various non-limiting embodiments of the invention are described in detail below.
Application scene overview
Referring first to fig. 1, fig. 1 schematically illustrates a rights management method, system and system architecture of an electronic device according to an embodiment of the invention.
As shown in fig. 1, system 100 may include a plurality of nodes 110 and a network 120. Network 120 serves as a medium for providing communication links between multiple nodes 110. Network 120 may include various connection types, such as wired, wireless communication links, and so forth. The node 110 may be, for example, a terminal device of each user, but is not limited thereto. The system 100 may implement the rights management method by the method of the disclosed embodiments.
It should be noted that the above application scenarios are merely illustrated for the convenience of understanding the spirit and principles of the present invention, and the embodiments of the present invention are not limited in this respect. Rather, embodiments of the present invention may be applied to any scenario where applicable.
Exemplary method
In the following, in conjunction with the application scenario of fig. 1, a rights management method according to an exemplary embodiment of the present invention is described with reference to fig. 2A to 2C and fig. 3A to 3I.
Fig. 2A schematically shows a flowchart of a rights management method according to an exemplary embodiment of the invention.
As shown in fig. 2A, the method includes operations S210 to S230.
In operation S210, an allocation request for the first node to allocate the right to the second node is obtained.
In operation S220, it is determined whether the second node already has the authority based on the allocation request.
In operation S230, in case the second node does not have the authority, the authority is assigned to the second node.
Here, since the user a, the users B1 to B4, the users C1 to C2, and the like are a plurality of users in one organization, for example, in the network structure of the organization, the users a, the users B1 to B4, the users C1 to C2, and the like are also referred to as a node a, nodes B1 to B4, nodes C1 to C2, and the like. The nodes, although individually denoted as A, B, C, may be fully equal in status.
As shown in fig. 2B, the node a has N permissions from permission 1 to permission N, for example, permission 1 may be a read/write permission for a certain part of data, permission 2 may be a processing permission for a certain item, and the like. According to an exemplary embodiment of the invention, node A may assign its own N permissions to other nodes that have not taken the permissions, e.g., nodes B1-B4. For example, privilege 1 is assigned to B1 and B2, privilege 2 is assigned to B1, B3, and B4, and so on.
After the rights assignment shown in fig. 2B is completed, B1 obtains rights 1, rights 2, rights 3, and rights 6, and B2 obtains rights 1, rights 3, rights 5, and rights 7. As shown in FIG. 2C, B1 and B2 may continue to assign rights owned by themselves to other nodes that have not taken the rights, e.g., user B1 assigns right 1 to node C1, right 2 to nodes B2 and C1, etc. But node B1 may not assign privilege 1 and privilege 3 to node B2 because node B2 already has both privileges.
After the rights assignment shown in fig. 2C is completed, the node B1 owns the existing rights (rights 1, 2, 3, 6) and the new rights (rights 3, 7), the node B2 owns the existing rights (rights 1, 3, 5, 7) and the new rights (rights 2, 6), the node C1 owns the new rights (rights 1, 2, 3, 6, 7), and the node C2 owns the new rights (rights 3, 5, 7).
Therefore, each node has the possibility of other nodes for distributing the authority, and the authority can be rapidly issued to each node through the authority distribution among the nodes, so that the workload of an administrator is greatly reduced, and the working efficiency is improved.
According to the exemplary embodiment of the present invention, the authorization relationship among the plurality of nodes forms a tree structure, and the method further includes obtaining a query request of the first node for the authorization condition of the authority, and showing descendant nodes of the first node in the tree structure.
Fig. 3A to 3D schematically illustrate the descendant nodes exposed based on the query request according to an exemplary embodiment of the present invention.
Fig. 3A schematically illustrates a diagram of descendant nodes exposed based on a query request of node a for permission 1 according to an exemplary embodiment of the present invention. As shown in FIG. 3A, node A assigns privilege 1 to nodes B1 and B2, and node B1 in turn assigns privilege 1 to C1. In the privilege 1 dimension, nodes B1 and B2 are children of node A, node C1 is a child of node B1, and nodes B1, B2, and C1 are descendants of node A. Based on the query request of node A about permission 1, that is, node A is taken as the first node, node B1, B2, C1 and issued path of permission 1 can be shown.
Fig. 3B schematically illustrates a diagram of descendant nodes exposed based on a query request of node a for permission 2 according to an exemplary embodiment of the present invention. Similarly, as shown in FIG. 3B, node A assigns privilege 2 to node B1, which in turn assigns privilege 2 to node B1 to B2 and C1. In the privilege 2 dimension, node B1 is a child node of node A, nodes B2 and C1 are child nodes of node B1, and nodes B1, B2, and C1 are descendant nodes of node A. Based on the node a's query request for permission 2, i.e., node a as the first node, node B1, B2, C1 and issued path for permission 2 may be exposed.
Fig. 3C schematically illustrates a diagram of descendant nodes exposed based on a query request of node B1 for permission 1, according to an exemplary embodiment of the invention. According to an exemplary embodiment of the present invention, a node may be restricted from viewing its parent. As shown in FIG. 3C, with node B1 as the first node, in the privilege 1 dimension, only node C1 is a child of node B1, and thus, only node C1 is shown.
Fig. 3D schematically illustrates a diagram of descendant nodes exposed based on a query request of node B1 for permission 2, according to an exemplary embodiment of the invention. Similarly, as shown in FIG. 3D, with node B1 as the first node, in the privilege 2 dimension, nodes C1 and B2 and the issued path of privilege 2 may be viewed.
According to an exemplary embodiment of the present invention, the method further includes obtaining a closing request of the first node for the permission of a third node, where the third node is a descendant node of the first node in the tree structure, and closing the permission of the third node and the descendant node of the third node in the tree structure based on the closing request.
Fig. 3E and 3F schematically show a schematic diagram of turning off the third node (node B1) according to an exemplary embodiment of the present invention.
Fig. 3E schematically illustrates the authorization of node B1 by node a to close privilege 1 according to an exemplary embodiment of the invention. As shown in FIG. 3E, since privilege 1 of node C1 was granted by node B1, in the case that privilege 1 of node B1 was closed, node C1 was the descendant node of node B1, whose privilege 1 was also closed accordingly. Node B2 is unaffected.
Fig. 3F schematically illustrates the authorization of node B1 by node a to close privilege 2 according to an exemplary embodiment of the invention. As shown in fig. 3F, since authority 2 of nodes C1 and B2 are both granted by node B1, in the case that authority 2 of node B1 is closed, nodes C1 and B2 act as descendant nodes of node B1, and authority 2 thereof is also closed accordingly.
According to an exemplary embodiment of the present invention, the method further includes obtaining a stop request of the first node for the authority of a third node, wherein the third node is a descendant node of the first node in the tree structure, and stopping the authority of the third node without stopping the authority of the descendant node of the third node in the tree structure based on the stop request.
Fig. 3G and 3H schematically show diagrams of stopping the third node (node B1) according to an exemplary embodiment of the invention.
Fig. 3G schematically shows a diagram of node a stopping authorization of node B1 for privilege 1, according to an exemplary embodiment of the invention. As shown in fig. 3G, although authority 1 of node C1 is granted by node B1, unlike the shutdown operation, the shutdown operation does not affect descendant nodes of node B1, and thus, both nodes C1 and B2 are unaffected in the event authority 1 of node B1 is halted.
Fig. 3H schematically illustrates a diagram of node a stopping the authorization of node B1 for privilege 2, according to an exemplary embodiment of the invention. Similarly, as shown in fig. 3H, although authority 2 of nodes C1 and B2 is granted by node B1, neither node C1 nor B2 is affected in the case where node B1 is stopped.
According to an exemplary embodiment of the present invention, the fourth node is a descendant node of the first node, and the method further includes prohibiting the fourth node from assigning the right to the third node again.
Fig. 3I schematically shows a diagram of stopping or closing the authorization of the right 1 to the node C1 (third node) according to an exemplary embodiment of the present invention. As shown in FIG. 3I, node C1 is a descendant node of node A (the first node), and node B1 (the fourth node) is also a descendant node of node A, and when node A ceases or turns off authorization of node C1 for privilege 1, node B1 will be prohibited from re-authorizing privilege 1 to C1. If node D has privilege 1 and is not a descendant of node A, i.e., privilege 1 of node D is not granted directly or indirectly by node A, then node D is still able to assign privilege 1 to node C1, but at this point node C1 is no longer a descendant of node A but a descendant of node D.
The method for checking, stopping and closing the permission can accurately manage the permission and improve the safety of the system.
Exemplary System
Having described the method of an exemplary embodiment of the present invention, the rights management system of an exemplary embodiment of the present invention is explained next with reference to fig. 4.
Fig. 4 schematically shows a block diagram of a rights management system 400 according to an exemplary embodiment of the invention.
As shown in FIG. 4, rights management system 400 includes an assignment request module 410, a rights determination module 420, and a rights assignment module 430.
The allocation request module 410, for example, performs operation S210 described above with reference to fig. 2A, for obtaining an allocation request for a first node to allocate a right to a second node.
The permission determination module 420, for example, performs operation S220 described above with reference to fig. 2A, for determining whether the second node already has the permission based on the allocation request.
The authority assigning module 430, for example, performs the operation S230 described above with reference to fig. 2A, for assigning the authority to the second node if the second node does not have the authority.
According to the exemplary embodiment of the present invention, the authorization relationship among the plurality of nodes forms a tree structure, and the system further includes a query request module and a permission display module. And the query request module is used for obtaining a query request of the first node for the authorization condition of the authority. And the permission display module is used for displaying the descendant nodes of the first node in the tree structure.
According to the exemplary embodiment of the present invention, the system further includes a shutdown request module and an authority shutdown module. A closing request module, configured to obtain a closing request for the permission of a third node from the first node, where the third node is a descendant node of the first node in the tree structure. And the permission closing module is used for closing the permissions of the third node and the descendant nodes of the third node in the tree structure based on the closing request.
According to an exemplary embodiment of the present invention, the system further includes a stop request module and a permission stop module. A stopping request module, configured to obtain a stopping request for the permission of a third node from the first node, where the third node is a descendant node of the first node in the tree structure. And the permission stopping module is used for stopping the permission of the third node based on the stopping request without stopping the permission of the descendant nodes of the third node in the tree structure.
According to an exemplary embodiment of the present invention, the fourth node is a descendant node of the first node, and the system further includes a prohibiting module configured to prohibit the fourth node from assigning the right to the third node again.
Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to exemplary embodiments of the present invention may be implemented in one module. Any one or more of the modules, sub-modules, units, sub-units according to the exemplary embodiments of the present invention may be implemented by being divided into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to exemplary embodiments of the present invention may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to exemplary embodiments of the invention may be at least partially implemented as computer program modules which, when executed, may perform corresponding functions.
For example, any number of the distribution request module 410, the authority determination module 420, the authority distribution module 430, the query request module, the authority exposure module, the closing request module, the authority closing module, the stop request module, the authority stop module, and the prohibition module may be combined and implemented in one module, or any one of them may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the present disclosure, at least one of the allocation request module 410, the permission determination module 420, the permission allocation module 430, the query request module, the permission display module, the close request module, the permission close module, the stop request module, and the permission close module may be at least partially implemented as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented by any one of three implementations of software, hardware, and firmware, or any suitable combination of any of them. Alternatively, at least one of the allocation request module 410, the permission determination module 420, the permission allocation module 430, the query request module, the permission exposure module, the close request module, the permission close module, the stop request module, and the permission stop module may be at least partially implemented as a computer program module that, when executed, may perform a corresponding function.
Exemplary Medium
Having described the system of an exemplary embodiment of the present invention, a computer-readable storage medium of an exemplary embodiment of the present invention is described next with reference to fig. 5. An exemplary embodiment of the present invention provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processing unit, cause the processing unit to perform the method described above.
In some possible embodiments, aspects of the present invention may also be implemented in the form of a program product including program code for causing an electronic device to perform steps in the rights management method according to various exemplary embodiments of the present invention described in the above section "exemplary method" of this specification, when the program product is run on the electronic device, for example, the electronic device may perform step S210 as shown in fig. 2A: acquiring an allocation request of a first node for allocating authority to a second node; step S220: determining whether the second node already has the authority based on the allocation request; step S230: in the case that the second node does not have the authority, assigning the authority to the second node.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
As shown in fig. 5, a program product 500 for rights management according to an embodiment of the present invention is depicted, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on an electronic device, such as a personal computer. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing. Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the consumer electronic device, partly on a remote electronic device, or entirely on the remote electronic device or server. In the case of remote electronic devices, the remote electronic devices may be connected to the consumer electronic devices through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to external electronic devices (e.g., through the internet using an internet service provider).
Exemplary electronic device
Having described the method, system, and media of exemplary embodiments of the present invention, a rights management electronic device of an exemplary embodiment of the present invention is next described with reference to fig. 6.
The embodiment of the invention also provides the authority management electronic equipment. As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or program product. Thus, various aspects of the invention may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," module "or" system.
In some possible embodiments, an electronic device for rights management according to the present invention may comprise at least one processing unit, and at least one memory unit. Wherein the storage unit stores program code which, when executed by the processing unit, causes the processing unit to perform the steps of the rights management method according to various exemplary embodiments of the present invention described in the above section "exemplary method" of this specification. For example, the processing unit may perform step S210 as shown in fig. 2A: acquiring an allocation request of a first node for allocating authority to a second node; step S220: determining whether the second node already has the authority based on the allocation request; step S230: in the case that the second node does not have the authority, assigning the authority to the second node.
A rights management electronic device 600 according to this embodiment of the invention is described below with reference to fig. 6. The electronic device 600 as shown in 600 is only an example and should not bring any limitations to the functionality or scope of use of embodiments of the present invention.
As shown in fig. 6, the electronic device 600 is represented in the form of a general electronic device. The components of the electronic device 600 may include, but are not limited to: the at least one processing unit 610, the at least one memory unit 620, and a bus 630 that couples the various system components including the memory unit 620 and the processing unit 610.
The bus 630 includes a data bus, an address bus, and a control bus.
The storage unit 620 may include volatile memory, such as Random Access Memory (RAM) 621 and/or cache memory 622, and may further include Read Only Memory (ROM) 623.
The storage unit 620 may also include a program/utility 625 having a set (at least one) of program modules 624, such program modules 624 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
The electronic device 600 may also communicate with one or more external devices 640 (e.g., keyboard, pointing device, bluetooth device, etc.), which may be through an input/output (I/O) interface 650. Also, the electronic device 600 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via the network adapter 660. As shown, the network adapter 660 communicates with the other modules of the electronic device 600 over the bus 630. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 600, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
It should be noted that although several units/modules or sub-units/modules of the rights management system are mentioned in the above detailed description, such division is merely exemplary and not mandatory. Indeed, the features and functionality of two or more of the units/modules described above may be embodied in one unit/module according to embodiments of the invention. Conversely, the features and functions of one unit/module described above may be further divided into embodiments by a plurality of units/modules.
Moreover, while the operations of the method of the invention are depicted in the drawings in a particular order, this does not require or imply that the operations must be performed in this particular order, or that all of the illustrated operations must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.
While the spirit and principles of the invention have been described with reference to several particular embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, nor is the division of aspects, which is for convenience only as the features in such aspects may not be combined to benefit. The invention is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.
Claims (10)
1. A permission management method is used for permission distribution in an office scene and comprises the following steps:
obtaining an allocation request of a first node for allocating authority to a second node, wherein the first node and the second node do not have a hierarchical relationship;
determining whether the second node already has the authority based on the allocation request; and
in the case that the second node does not have the authority, assigning the authority to the second node;
wherein, the authorization relationship among a plurality of nodes forms a tree structure, the method further comprises:
obtaining a query request of the first node for the authorization condition of the authority;
and displaying the descendant nodes of the first node in the tree structure.
2. The method of claim 1, further comprising:
obtaining a closing request of the first node for the authority of a third node, wherein the third node is a descendant node of the first node in the tree structure;
and closing the permission of the third node and the descendant nodes of the third node in the tree structure based on the closing request.
3. The method of claim 1, further comprising:
obtaining a stop request of the first node for the authority of a third node, wherein the third node is a descendant node of the first node in the tree structure;
stopping the authority of the third node without stopping the authority of descendant nodes of the third node in the tree structure based on the stop request.
4. A method according to claim 2 or 3, wherein a fourth node is a descendant node of the first node, the method further comprising:
prohibiting the fourth node from assigning the right to the third node again.
5. A rights management system for rights assignment in an office setting, comprising:
the system comprises an allocation request module, a first node and a second node, wherein the allocation request module is used for obtaining an allocation request of a first node for allocating authority to the second node, and the first node and the second node do not have a hierarchical relationship;
a permission determination module to determine whether the second node already has the permission based on the allocation request; and
the authority distributing module is used for distributing the authority to the second node under the condition that the second node does not have the authority;
wherein, the authorization relation among a plurality of nodes forms a tree structure, the system further comprises:
the inquiry request module is used for acquiring an inquiry request of the first node for the authorization condition of the authority;
and the permission display module is used for displaying the descendant nodes of the first node in the tree structure.
6. The system of claim 5, further comprising:
a closing request module, configured to obtain a closing request for the permission of a third node from the first node, where the third node is a descendant node of the first node in the tree structure;
and the permission closing module is used for closing the permissions of the third node and the descendant nodes of the third node in the tree structure based on the closing request.
7. The system of claim 5, further comprising:
a stopping request module, configured to obtain a stopping request for the permission of a third node from the first node, where the third node is a descendant node of the first node in the tree structure;
and the permission stopping module is used for stopping the permission of the third node based on the stopping request without stopping the permission of the descendant nodes of the third node in the tree structure.
8. The system of claim 6 or 7, wherein a fourth node is a descendant of the first node, the system further comprising:
a forbidding module, configured to forbid the fourth node from allocating the right to the third node again.
9. A computer-readable storage medium having stored thereon executable instructions that, when executed by a processing unit, cause the processing unit to perform the method of any one of claims 1-4.
10. An electronic device, comprising:
a processing unit; and
a storage unit having stored thereon executable instructions that, when executed by the processing unit, cause the processing unit to perform the method of any of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810874099.6A CN109246079B (en) | 2018-08-02 | 2018-08-02 | Authority management method, system, medium and electronic device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810874099.6A CN109246079B (en) | 2018-08-02 | 2018-08-02 | Authority management method, system, medium and electronic device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109246079A CN109246079A (en) | 2019-01-18 |
| CN109246079B true CN109246079B (en) | 2021-09-24 |
Family
ID=65072927
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810874099.6A Active CN109246079B (en) | 2018-08-02 | 2018-08-02 | Authority management method, system, medium and electronic device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109246079B (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1739109A (en) * | 2001-05-31 | 2006-02-22 | 康坦夹德控股股份有限公司 | Method and apparatus for hierarchical assignment of rights to documents and documents having such rights |
| CN101453357A (en) * | 2007-12-05 | 2009-06-10 | 中国移动通信集团公司 | Network management control method and network management control system |
| EP2287770A2 (en) * | 2005-10-13 | 2011-02-23 | Samsung Electronics Co., Ltd. | Method and system for providing DRM license |
| CN103632082A (en) * | 2013-12-10 | 2014-03-12 | 惠州华阳通用电子有限公司 | Universal permission management system and universal permission management method |
| CN104182503A (en) * | 2014-08-18 | 2014-12-03 | 上海众恒信息产业股份有限公司 | Cloud platform data access safety isolation method |
| CN105956459A (en) * | 2016-05-11 | 2016-09-21 | 上海佳依佳信息科技有限公司 | Method and equipment for managing user permission |
| CN107430712A (en) * | 2014-12-19 | 2017-12-01 | 艾诺茨Ip公司 | Resource management system is can access with the network that can be allocated management of |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9390255B2 (en) * | 2011-09-29 | 2016-07-12 | Oracle International Corporation | Privileged account manager, dynamic policy engine |
| CN105373714B (en) * | 2015-11-26 | 2018-08-31 | 深圳市金证科技股份有限公司 | A kind of user authority control method and device |
-
2018
- 2018-08-02 CN CN201810874099.6A patent/CN109246079B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1739109A (en) * | 2001-05-31 | 2006-02-22 | 康坦夹德控股股份有限公司 | Method and apparatus for hierarchical assignment of rights to documents and documents having such rights |
| EP2287770A2 (en) * | 2005-10-13 | 2011-02-23 | Samsung Electronics Co., Ltd. | Method and system for providing DRM license |
| CN101453357A (en) * | 2007-12-05 | 2009-06-10 | 中国移动通信集团公司 | Network management control method and network management control system |
| CN103632082A (en) * | 2013-12-10 | 2014-03-12 | 惠州华阳通用电子有限公司 | Universal permission management system and universal permission management method |
| CN104182503A (en) * | 2014-08-18 | 2014-12-03 | 上海众恒信息产业股份有限公司 | Cloud platform data access safety isolation method |
| CN107430712A (en) * | 2014-12-19 | 2017-12-01 | 艾诺茨Ip公司 | Resource management system is can access with the network that can be allocated management of |
| CN105956459A (en) * | 2016-05-11 | 2016-09-21 | 上海佳依佳信息科技有限公司 | Method and equipment for managing user permission |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109246079A (en) | 2019-01-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110915182B (en) | Intrusion detection and mitigation in data processing | |
| CN110414268B (en) | Access control method, device, equipment and storage medium | |
| US10614233B2 (en) | Managing access to documents with a file monitor | |
| US9460303B2 (en) | Operating large scale systems and cloud services with zero-standing elevated permissions | |
| US10176020B2 (en) | Dynamic management of computing platform resources | |
| US8966578B1 (en) | Intelligent system for enabling automated secondary authorization for service requests in an agile information technology environment | |
| US9626526B2 (en) | Trusted public infrastructure grid cloud | |
| US9904484B2 (en) | Securing protected information based on software designation | |
| US10891386B2 (en) | Dynamically provisioning virtual machines | |
| US10452454B1 (en) | Instructing the use of application programming interface commands in a runtime environment | |
| US20160092887A1 (en) | Application license distribution and management | |
| US20190005260A1 (en) | Method and system for isolating application data access | |
| US20160277308A1 (en) | Dynamic management of computing platform resources | |
| US20210226956A1 (en) | Constrained roles for access management | |
| WO2016026320A1 (en) | Access control method and apparatus | |
| JP2004158007A (en) | Computer access authorization | |
| JP7209108B2 (en) | System and method for license analysis | |
| CN107636667B (en) | System and method for creating multiple workspaces in a device | |
| CN114595467A (en) | Multi-stage protection for data center objects | |
| US10146707B2 (en) | Hardware-based memory protection | |
| CN109246079B (en) | Authority management method, system, medium and electronic device | |
| US20110113474A1 (en) | Network system security managment | |
| CN113282890B (en) | Resource authorization method, device, electronic equipment and storage medium | |
| US20220100822A1 (en) | Software access through heterogeneous encryption | |
| Sifou et al. | Different access control mechanisms for data security in cloud computing |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |