CN109388922A - A kind of user management based on RBAC model and a key log in realizing method - Google Patents
A kind of user management based on RBAC model and a key log in realizing method Download PDFInfo
- Publication number
- CN109388922A CN109388922A CN201710658740.8A CN201710658740A CN109388922A CN 109388922 A CN109388922 A CN 109388922A CN 201710658740 A CN201710658740 A CN 201710658740A CN 109388922 A CN109388922 A CN 109388922A
- Authority
- CN
- China
- Prior art keywords
- user
- role
- key
- module
- permission
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Abstract
A kind of user management based on RBAC model and a key log in realizing method, based on RBAC(Role-Based Access Control) model, carry out the setting of user and role, i.e. permission is associated with role, user obtains the permission of these roles by becoming the member of appropriate role, role created to complete various work, and user is then assigned corresponding role according to its responsibility and qualification, and user easily can be assigned to another role from a role.The merging of the demand and system of role Ke Yixin and assign new permission, and permission can also as needed and be recycled from certain role.The relationship of role and role can establish to include wider objective circumstances.The realization of a key login function is carried out using the user management based on RBAC model, not only realize a key login function, the service efficiency of correspondence system is improved for user, additionally it is possible to which the user of entire each key login system object and permission promote the adhesiveness of each family for integrating objective system.
Description
Technical field
The present invention relates to information data administrative skill field, a kind of user management based on RBAC model and one are particularly related to
Key logs in realizing method.
Background technique
The right access control RBAC model (Role-Based Access Control) of based role is visited as tradition
Ask that the promising of control replaces widely being paid close attention to.In RBAC, permission is associated with role, and user is by becoming appropriate
The member of role and obtain the permission of these roles.This just greatly simplifies the management of permission.In a tissue, Jiao Seshi
It creates to complete various work, user is then assigned corresponding role according to its responsibility and qualification, and user can be very
Easily another role is assigned to from a role.The merging of the demand and system of role Ke Yixin and assign new power
Limit, and permission can also be recycled from certain role as needed.The relationship of role and role can establish wider to include
General objective circumstances.
Currently, the scale of information-based systems construction is increasing, system is more and more.It is in-house at one, usually all
Five or more information systems are used, user needs frequently to carry out in the family of each system to log in switching back and forth, causes pole
Big benefit inconvenient for use, reduces working efficiency.In view of the situation, a key, which logs in, (is existed using same user name and password
Seamless switching between one in-house subsystems) realization of function will be provided with biggish demand.But reality is, by
In each system from different developers, different user and permission are used, the realization thus logged in a key causes
Technology barrier.
It is done to solve the above problems, logging in realization the invention proposes a kind of user management based on RBAC model and a key
Method is carried out the realization of a key login function using the user management based on RBAC model, not only realizes a key login function, be
User improves the service efficiency of correspondence system, additionally it is possible to which the user of entire each key login system object and permission are promoted
The adhesiveness of each family for integrating objective system.
Summary of the invention
The present invention provides a kind of user management based on RBAC model and a key logs in realizing method, and technology of the invention is real
Now based on the system architecture of B/S, suitable for the application software system operated in windows operating system, the present invention include with
Lower functional module:
Database management module: to store all data information, including user's table, Jiao Sebiao, user role contingency table, role
Authority list, menu sheet, page elements table, authority list;
User management module: to carry out logic realization to RBAC model;
One key, which logs in, realizes module: algorithm is logged in based on design and the key realized, to realize that a key logs in.
(1) database management module
Storing all data information, including user's table, Jiao Sebiao, user role contingency table, role-security table, menu sheet,
Page elements table, authority list.Each table is defined as follows, and wherein underscore represents major key:
User's tableid,username,password,home,homeid};
Username- user name, password- password, home- source systems, homeid- source systems User ID.
Role's table { id, rolename };
Rolename- role name.
User role contingency table { userid, roleid };
Two fields respectively correspond the major key in user's table and role's table, and corresponding relationship is consequently formed.
Role-security table { id, roleid, auth };
Roleid- role's id, auth- weight, all permissions sequence is arranged, and is opened using Boolean type Data Identification corresponding authority
Close, thus obtain a binary system ordered series of numbers, by binary system ordered series of numbers change into decimal value deposit database, weighting in limited time by ten into
The key assignments of system is converted to binary system ordered series of numbers and obtains corresponding authority.
(2) user management module
Logic realization is carried out to RBAC model.Using object oriented designing method, user class is defined:
Class User{
Vchar Username;// user name
Vchar Userid;The User ID in user's table in // database management module
Vchar Password;// password
Vchar home;// source systems title
Vchar homeid;The User ID of // source systems
Auth auth;// permission set
}
Wherein, Auth is customized permission collection class, includes all authority informations in class, using Boolean type Data Identification
Each permission.
(3) one keys, which log in, realizes module.
One key, which logs in, realizes that module is realized based on following below scheme:
1. user accesses application system, user name and password are keyed in, into login authentication;
2. a key, which logs in, realizes that if module checks currently logged on user's name not in the user of the database management module of oneself
It is stored in table, then user request is re-introduced on the server of corresponding login system, is got on that server
It is returned in book server after user information;
3. a key, which logs in, realizes that a key logs in user for module check, finds use of the user in database management module
The information recorded in the table of family, while corresponding authorization role information is obtained, user object is generated, cookies is stored in;
4. a key, which logs in, realizes that module generates User Token according to the result of third step, it is directed to the application system that user it is expected to log in
System;
5. user it is expected that the application system logged in receives the User Token of unified format, login account of the user in this system is obtained
Number, by user, state is set to login in this system, returns to the page that user requests access to.
Specific embodiment
To keep the technical problem to be solved in the present invention, technical solution and advantage clearer, below in conjunction with specific implementation
Example is described in detail.
Embodiment
Technology of the invention realizes the system architecture based on B/S, suitable for the application software operated in windows operating system
System, the present invention include following functions module:
Database management module: to store all data information, including user's table, Jiao Sebiao, user role contingency table, role
Authority list, menu sheet, page elements table, authority list;
User management module: to carry out logic realization to RBAC model;
One key, which logs in, realizes module: algorithm is logged in based on design and the key realized, to realize that a key logs in.
(1) database management module
Storing all data information, including user's table, Jiao Sebiao, user role contingency table, role-security table, menu sheet,
Page elements table, authority list.Each table is defined as follows, and wherein underscore represents major key:
User's tableid,username,password,home,homeid};
Username- user name, password- password, home- source systems, homeid- source systems User ID.
Role's table { id, rolename };
Rolename- role name.
User role contingency table { userid, roleid };
Two fields respectively correspond the major key in user's table and role's table, and corresponding relationship is consequently formed.
Role-security table { id, roleid, auth };
Roleid- role's id, auth- weight, all permissions sequence is arranged, and is opened using Boolean type Data Identification corresponding authority
Close, thus obtain a binary system ordered series of numbers, by binary system ordered series of numbers change into decimal value deposit database, weighting in limited time by ten into
The key assignments of system is converted to binary system ordered series of numbers and obtains corresponding authority.
(2) user management module
Logic realization is carried out to RBAC model.Using object oriented designing method, user class is defined:
Class User{
Vchar Username;// user name
Vchar Userid;The User ID in user's table in // database management module
Vchar Password;// password
Vchar home;// source systems title
Vchar homeid;The User ID of // source systems
Auth auth;// permission set
}
Wherein, Auth is customized permission collection class, includes all authority informations in class, using Boolean type Data Identification
Each permission.
(3) one keys, which log in, realizes module.
One key, which logs in, realizes that module is realized based on following below scheme:
1. user accesses application system, user name and password are keyed in, into login authentication;
2. a key, which logs in, realizes that if module checks currently logged on user's name not in the user of the database management module of oneself
It is stored in table, then user request is re-introduced on the server of corresponding login system, is got on that server
It is returned in book server after user information;
3. a key, which logs in, realizes that a key logs in user for module check, finds use of the user in database management module
The information recorded in the table of family, while corresponding authorization role information is obtained, user object is generated, cookies is stored in;
4. a key, which logs in, realizes that module generates User Token according to the result of third step, it is directed to the application system that user it is expected to log in
System;
User it is expected that the application system logged in receives the User Token of unified format, obtains login account of the user in this system
Number, by user, state is set to login in this system, returns to the page that user requests access to.
The above is a preferred embodiment of the present invention, it is noted that for those skilled in the art
For, without departing from the principles of the present invention, several improvements and modifications can also be made, these improvements and modifications
It should be regarded as protection scope of the present invention.
Claims (4)
1. a kind of user management based on RBAC model and a key log in realizing method, technology of the invention is realized based on B/S's
System architecture, suitable for the application software system operated in windows operating system, the present invention includes following functions module:
Database management module: to store all data information, including user's table, Jiao Sebiao, user role contingency table, role
Authority list, menu sheet, page elements table, authority list;
User management module: to carry out logic realization to RBAC model;
One key, which logs in, realizes module: algorithm is logged in based on design and the key realized, to realize that a key logs in.
2. a kind of user management based on RBAC model according to claim 1 and a key log in realizing method, feature
It is, the database management module, to store all data information, including the association of user's table, Jiao Sebiao, user role
Table, role-security table, menu sheet, page elements table, authority list, each table are defined as follows, and wherein underscore represents major key:
User's tableid, username, password, home, homeid }, Username- user name, password- password,
Home- source systems, homeid- source systems User ID;
Role's table { id, rolename }, Rolename- role name;
User role contingency table { userid, roleid }, two fields respectively correspond the major key in user's table and role's table, thus
Form corresponding relationship;
Role-security table { id, roleid, auth }, Roleid- role's id, auth- weight, all permissions sequence is arranged, is adopted
It is switched with Boolean type Data Identification corresponding authority, thus obtains a binary system ordered series of numbers, binary system ordered series of numbers is changed into decimal number
Value deposit database, metric key assignments is converted to binary system ordered series of numbers obtains corresponding authority to weighting in limited time.
3. a kind of user management based on RBAC model according to claim 1 and a key log in realizing method, feature
It is, the user management module, logic realization is carried out to RBAC model, using object oriented designing method, defines user
Class:
Class User{
Vchar Username;// user name
Vchar Userid;The User ID in user's table in // database management module
Vchar Password;// password
Vchar home;// source systems title
Vchar homeid;The User ID of // source systems
Auth auth;// permission set
}
Wherein, Auth is customized permission collection class, includes all authority informations in class, using Boolean type Data Identification
Each permission.
4. a kind of user management based on RBAC model according to claim 1 and a key log in realizing method, feature
It is, a key, which logs in, realizes module, it is realized based on following below scheme:
(1) user accesses application system, user name and password is keyed in, into login authentication;
(2) if a key, which logs in, realizes that module checks currently logged on user's name not in the user of the database management module of oneself
It is stored in table, then user request is re-introduced on the server of corresponding login system, is got on that server
It is returned in book server after user information;
(3) one keys, which log in, realizes that a key logs in user for module check, finds the user in database management module
The information recorded in user's table, while corresponding authorization role information is obtained, user object is generated, cookies is stored in;
(4) one keys, which log in, realizes that module generates User Token according to the result of third step, is directed to user and it is expected the application logged in
System;
(5) user it is expected that the application system logged in receives the User Token of unified format, obtains login of the user in this system
Account, by user, state is set to login in this system, returns to the page that user requests access to.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710658740.8A CN109388922A (en) | 2017-08-04 | 2017-08-04 | A kind of user management based on RBAC model and a key log in realizing method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710658740.8A CN109388922A (en) | 2017-08-04 | 2017-08-04 | A kind of user management based on RBAC model and a key log in realizing method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109388922A true CN109388922A (en) | 2019-02-26 |
Family
ID=65412901
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710658740.8A Pending CN109388922A (en) | 2017-08-04 | 2017-08-04 | A kind of user management based on RBAC model and a key log in realizing method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109388922A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111125676A (en) * | 2019-12-23 | 2020-05-08 | 北京百度网讯科技有限公司 | Joint authorization method and device |
| CN111625842A (en) * | 2019-02-28 | 2020-09-04 | 武汉朗立创科技有限公司 | Permission control system based on RBAC |
| CN111783050A (en) * | 2020-07-02 | 2020-10-16 | 浪潮云信息技术股份公司 | Role and authority control system of website user |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101414253A (en) * | 2007-10-17 | 2009-04-22 | 华为技术有限公司 | Method and system for managing authority |
| CN102025495A (en) * | 2009-09-17 | 2011-04-20 | 成都康赛电子科大信息技术有限责任公司 | SAML2.0-based identity authentication and management |
| CN103701801A (en) * | 2013-12-26 | 2014-04-02 | 四川九洲电器集团有限责任公司 | Resource access control method |
| CN104320394A (en) * | 2014-10-24 | 2015-01-28 | 华迪计算机集团有限公司 | Single sign-on achievement method and system |
| CN104408339A (en) * | 2014-12-18 | 2015-03-11 | 山东钢铁股份有限公司 | Authority management method for information system |
| CN105577667A (en) * | 2015-12-28 | 2016-05-11 | 上海赞越软件服务中心 | Multi-account one-key login and authentication mechanism |
| CN106470181A (en) * | 2015-08-14 | 2017-03-01 | 威海兴达信息科技有限公司 | A kind of management system being applied to multi-platform docking User logs in |
| CN106611132A (en) * | 2015-10-27 | 2017-05-03 | 镇江华扬信息科技有限公司 | RBAC (Role-Based Access Control) method |
| US20170177648A1 (en) * | 2014-03-25 | 2017-06-22 | Open Text Sa Ulc | System and Method for Maintenance of Transitive Closure of a Graph and User Authentication |
-
2017
- 2017-08-04 CN CN201710658740.8A patent/CN109388922A/en active Pending
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101414253A (en) * | 2007-10-17 | 2009-04-22 | 华为技术有限公司 | Method and system for managing authority |
| CN102025495A (en) * | 2009-09-17 | 2011-04-20 | 成都康赛电子科大信息技术有限责任公司 | SAML2.0-based identity authentication and management |
| CN103701801A (en) * | 2013-12-26 | 2014-04-02 | 四川九洲电器集团有限责任公司 | Resource access control method |
| US20170177648A1 (en) * | 2014-03-25 | 2017-06-22 | Open Text Sa Ulc | System and Method for Maintenance of Transitive Closure of a Graph and User Authentication |
| CN104320394A (en) * | 2014-10-24 | 2015-01-28 | 华迪计算机集团有限公司 | Single sign-on achievement method and system |
| CN104408339A (en) * | 2014-12-18 | 2015-03-11 | 山东钢铁股份有限公司 | Authority management method for information system |
| CN106470181A (en) * | 2015-08-14 | 2017-03-01 | 威海兴达信息科技有限公司 | A kind of management system being applied to multi-platform docking User logs in |
| CN106611132A (en) * | 2015-10-27 | 2017-05-03 | 镇江华扬信息科技有限公司 | RBAC (Role-Based Access Control) method |
| CN105577667A (en) * | 2015-12-28 | 2016-05-11 | 上海赞越软件服务中心 | Multi-account one-key login and authentication mechanism |
Non-Patent Citations (3)
| Title |
|---|
| 傅小英: "基于Yale_CAS的单点登录系统的研究与设计", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
| 徐龙升: "基于改进的RBAC模型和CAS的单点登录设计与实现", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
| 李勇: "高职院校统一身份认证系统的设计与实现", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111625842A (en) * | 2019-02-28 | 2020-09-04 | 武汉朗立创科技有限公司 | Permission control system based on RBAC |
| CN111125676A (en) * | 2019-12-23 | 2020-05-08 | 北京百度网讯科技有限公司 | Joint authorization method and device |
| CN111125676B (en) * | 2019-12-23 | 2022-06-03 | 北京百度网讯科技有限公司 | Joint authorization method and device |
| CN111783050A (en) * | 2020-07-02 | 2020-10-16 | 浪潮云信息技术股份公司 | Role and authority control system of website user |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| AU2017352545B2 (en) | Systems and methods for digital identity management and permission controls within distributed network nodes | |
| EP3491572B1 (en) | Method for controlling access to a shared resource | |
| Anagnostopoulos et al. | Persistent authenticated dictionaries and their applications | |
| US10984124B2 (en) | Method of managing access in a collaborative data sharing platform | |
| CN1326353C (en) | Method and system for integrated protection of data distributed processing in computer networks | |
| US20180322587A1 (en) | Payroll based blockchain identity | |
| CN101729551B (en) | Method and system for controlling access privilege for trusted network node | |
| Chander et al. | A State-Transition Model of Trust Management and Access Control. | |
| US8850041B2 (en) | Role based delegated administration model | |
| US20090276840A1 (en) | Unified access control system and method for composed services in a distributed environment | |
| Zhang et al. | Using blockchain to protect personal privacy in the scenario of online taxi-hailing | |
| Dias et al. | A blockchain-based scheme for access control in e-health scenarios | |
| US11394542B2 (en) | Deauthorization of private key of decentralized identity | |
| CN109388922A (en) | A kind of user management based on RBAC model and a key log in realizing method | |
| US20220200791A1 (en) | Method for encrypting and storing computer files and associated encryption and storage device | |
| Dagher et al. | Towards secure interoperability between heterogeneous blockchains using smart contracts | |
| JP2006099779A (en) | Right management | |
| Derler et al. | Rethinking privacy for extended sanitizable signatures and a black-box construction of strongly private schemes | |
| WO2020256839A1 (en) | Cryptographic key generation using external entropy generation | |
| Hu et al. | Blockchain for access control systems | |
| EP3817320B1 (en) | Blockchain-based system for issuing and validating certificates | |
| Sundari et al. | Secure multi-party computation in differential private data with Data Integrity Protection | |
| CN102882933A (en) | Encrypted cloud storage system | |
| Lorünser et al. | Towards a new paradigm for privacy and security in cloud services | |
| US20050081033A1 (en) | Method and device for data protection |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20190226 |