CN109766706A - A multi-permission management system for data - Google Patents

Publication number
CN109766706A
Authority
CN
China
Prior art keywords
data
permission
rights management
management system
privacy requirements
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811625074.9A
Other languages
Chinese (zh)
Inventor
印忠文
常兵
季晨雨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Division Big Data Research Institute Co Ltd
Original Assignee
Division Big Data Research Institute Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Division Big Data Research Institute Co Ltd
Priority to CN201811625074.9A
Publication of CN109766706A

Abstract

The present invention provides a multi-permission management system for data, comprising a permission management system, a coarse-grained permission system, a fine-grained permission system and a security permission system. The invention enables fine-grained permission management of data: the coarse-grained permission system provides a more user-friendly service, the fine-grained permission system strictly guarantees the safe use of data, and the security permission system meets finer privacy requirements for data. The permission management system provides intelligent switching of permissions between the multiple permission systems: based on user information, data information, scenario information and the user's initial permissions, it uses an intelligent permission mapping and allocation algorithm to quickly calculate the permissions the user holds under each permission system, greatly improving the flexibility, user-friendliness and security of data management.

Description

A multi-permission management system for data
Technical field
The present invention relates to a multi-permission management system for data and belongs to the field of data permission management.
Background art
Most existing permission management systems are single permission management systems. For example, some coarse-grained permission management systems offer only a small number of permission settings, such as display and hide, and cannot achieve fine-grained data management, so they cannot guarantee the security of confidential data. Some fine-grained permission management systems offer a great many permission settings and can ensure data security, but precisely because the settings are so fine-grained and the management so strict, the user experience is poor and very restricted. One can therefore consider combining a coarse-grained permission system, a fine-grained permission system and a more finely divided security permission system, and building on top of these three permission systems a permission management system that intelligently switches and manages permissions between them, so as to achieve a more flexible, more user-friendly and more secure permission management system.
However, because each permission system is responsible for different data, for ease of use and to reduce conflicts, a permission management system needs to be added between the permission systems to perform intelligent permission conversion and management across the coarse-grained permission system, the fine-grained permission system and the security permission system. This places the multiple permission systems under genuinely integrated management, thereby reducing the overhead of refreshing data tables, while hiding part of the permissions to prevent intrusion by unauthorized persons, and provides a more convenient, flexible and secure permission management service.
Summary of the invention
To solve the above technical problems, the present invention provides a multi-permission management system for data that can provide a more flexible, more convenient and more user-friendly permission management service while guaranteeing the security and stability of the data.
The present invention is achieved by the following technical solution.
The multi-permission management system for data provided by the invention comprises a permission management system, a coarse-grained permission system, a fine-grained permission system and a security permission system. The permission management system manages the tasks of the coarse-grained permission system, the fine-grained permission system and the security permission system. The coarse-grained permission system provides at least three permissions: display, partial display and hide. The fine-grained permission system provides at least seven permissions: deny access, hide all, partial display, read-only, read-write, non-downloadable and downloadable. The security permission system provides at least five permissions: read, upload, download, modify and delete. The underlying data of the coarse-grained permission system, the fine-grained permission system and the security permission system includes algorithm metadata, conventional privacy requirement data, conventional privacy requirement code, fine privacy requirement data and fine privacy requirement code.
The underlying data of the coarse-grained permission system is algorithm metadata.
The underlying data of the fine-grained permission system is conventional privacy requirement data and conventional privacy requirement code.
The underlying data of the security permission system is fine privacy requirement data and fine privacy requirement code.
The system further comprises an independent management system, which independently manages the tasks of an absolute permission system.
The underlying data of the absolute permission system is absolute secrecy requirement data and absolute secrecy requirement code.
The tasks of the permission management system and the independent management system are managed by an application usage management system.
The beneficial effects of the present invention are as follows. It enables fine-grained permission management of data: the coarse-grained permission system provides a more user-friendly service, the fine-grained permission system strictly guarantees the safe use of data, and the security permission system meets finer privacy requirements for data. The permission management system provides intelligent switching of permissions between the multiple permission systems: based on user information, data information, scenario information and the user's initial permissions, it uses an intelligent permission mapping and allocation algorithm to quickly calculate the permissions the user holds under each permission system, greatly improving the flexibility, user-friendliness and security of data management.
Brief description of the drawings
Fig. 1 is a schematic diagram of the system connections of the invention.
Detailed description of the embodiments
The technical solution of the present invention is further described below, but the claimed scope is not limited to what is described.
As shown in Fig. 1, a multi-permission management system for data comprises a permission management system, a coarse-grained permission system, a fine-grained permission system and a security permission system. The permission management system manages the tasks of the coarse-grained permission system, the fine-grained permission system and the security permission system. The coarse-grained permission system provides at least three permissions: display, partial display and hide. The fine-grained permission system provides at least seven permissions: deny access, hide all, partial display, read-only, read-write, non-downloadable and downloadable. The security permission system provides at least five permissions: read, upload, download, modify and delete. The underlying data of the coarse-grained permission system, the fine-grained permission system and the security permission system includes algorithm metadata, conventional privacy requirement data, conventional privacy requirement code, fine privacy requirement data and fine privacy requirement code.
The underlying data of the coarse-grained permission system is algorithm metadata.
The underlying data of the fine-grained permission system is conventional privacy requirement data and conventional privacy requirement code.
The underlying data of the security permission system is fine privacy requirement data and fine privacy requirement code.
The system further comprises an independent management system, which independently manages the tasks of an absolute permission system.
The underlying data of the absolute permission system is absolute secrecy requirement data and absolute secrecy requirement code.
The tasks of the permission management system and the independent management system are managed by an application usage management system.
In the present invention, for security reasons, the independent management system and the absolute permission system form a separate system, while the permission management system, the coarse-grained permission system, the fine-grained permission system and the security permission system are generally built according to the following steps:
1) Classify the data/code and generate data/code metadata:
(1) classify and grade the data/code according to specific rules and store it;
(2) for data/code that is used frequently or has high use value, create descriptive information, i.e. metadata, and store it as data of the lowest secrecy level;
2) Establish the coarse-grained permission system:
(1) take most of the metadata and some of the data/code with a low secrecy level as the underlying data to be managed by the coarse-grained permission system;
(2) establish a coarse-grained permission management system with three permissions: display, partial display and hide;
3) Establish the fine-grained permission system:
(1) take the metadata that has privacy requirements, together with most of the data and code, as the underlying data to be managed by the fine-grained permission system;
(2) establish a fine-grained permission system with multiple permissions such as deny access, hide all, partial display, read-only, read-write, non-downloadable and downloadable;
4) Establish the security permission system:
(1) take the data and code for which finer privacy requirements are defined per user role as the underlying data to be managed by the security permission system;
(2) establish a security permission system that provides users with permission configuration management along multiple dimensions such as read, upload, download, modify and delete;
5) Establish the permission management system:
(1) establish intelligent switching of permissions between the coarse-grained permission system, the fine-grained permission system and the security permission system: based on user information, data information, scenario information and the user's initial permissions, use an intelligent permission allocation algorithm to quickly calculate the permissions the user holds under each permission system. The same account is required to hold more permissions in the coarse-grained permission system and fewer permissions in the fine-grained permission system and the security permission system;
(2) implement intelligent switching between the security permission system, the fine-grained permission system and the security permission system without querying the user's permission table each time the permission system is switched, which reduces the overhead of permission switching and improves the efficiency of permission management;
(3) implement intelligent management across the coarse-grained permission system, the fine-grained permission system and the security permission system, so that users can switch permissions quickly between data with different privacy requirements and secrecy levels, avoiding the overhead of repeatedly refreshing the database;
(4) hide part of the permissions in the coarse-grained, fine-grained and security permission systems to prevent intrusion by unauthorized persons;
6) Establish the user information table and the automatic permission allocation and adjustment system:
(1) establish a unified user information table and encrypt it using an encryption algorithm;
(2) establish a unified automatic permission allocation function for user registration, i.e. automatically perform IP resolution, region resolution and so on for a registering user, and automatically allocate the initial permissions according to the results;
(3) implement a linked permission update system, i.e. whenever a permission is modified in any of the coarse-grained permission system, the fine-grained permission system and the security permission system, the permissions in the other permission systems change accordingly.
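Steps 5) and 6) describe deriving a user's permissions in all three systems from the user's initial permissions, with the coarse-grained system the most permissive and changes carried across systems. The sketch below is an added illustration in Python, not the patent's allocation algorithm, which the text does not disclose: the 0-3 level scale, the rank orderings and the POLICY table are assumptions, and only the permission names come from the text.

```python
# Added example. Permission names come from the patent text; the rank ordering,
# the level scale 0-3 and the POLICY table are assumptions of this sketch.
COARSE_RANK = {"hide": 0, "partial_display": 1, "display": 2}
FINE_RANK = {"deny_access": 0, "hide_all": 1, "partial_display": 2,
             "read_only": 3, "read_write": 4}
# How visible a fine-grained permission makes the data, on the coarse scale.
FINE_VISIBILITY = {"deny_access": 0, "hide_all": 0, "partial_display": 1,
                   "read_only": 2, "read_write": 2}
SECURITY_OPS = frozenset({"read", "upload", "download", "modify", "delete"})
WRITE_OPS = frozenset({"upload", "modify", "delete"})

# level -> (coarse permission, fine permission, downloadable?, security operations)
POLICY = {
    0: ("partial_display", "deny_access", False, frozenset()),
    1: ("display", "partial_display", False, frozenset()),
    2: ("display", "read_only", False, frozenset({"read"})),
    3: ("display", "read_write", True,
        frozenset({"read", "upload", "download", "modify"})),
}


def resolve(level, system, policy=POLICY):
    """Derive a user's permissions in one system from the single stored level."""
    coarse, fine, downloadable, ops = policy[level]
    if system == "coarse":
        return {coarse}
    if system == "fine":
        return {fine, "downloadable" if downloadable else "no_download"}
    if system == "security":
        return set(ops)
    raise ValueError(f"unknown permission system: {system}")


def validate(policy):
    """Return a list of rule violations; an empty list means the table is consistent."""
    problems = []
    previous = None
    for level in sorted(policy):
        coarse, fine, downloadable, ops = policy[level]
        if not ops <= SECURITY_OPS:
            problems.append(f"level {level}: unknown security operation")
        # Coarse system must be at least as permissive as the fine-grained one.
        if COARSE_RANK[coarse] < FINE_VISIBILITY[fine]:
            problems.append(f"level {level}: fine-grained exceeds coarse-grained")
        # Security operations must not exceed what the fine-grained system allows.
        if ops and FINE_RANK[fine] < FINE_RANK["read_only"]:
            problems.append(f"level {level}: security ops without read access")
        if ops & WRITE_OPS and fine != "read_write":
            problems.append(f"level {level}: write ops without read_write")
        if "download" in ops and not downloadable:
            problems.append(f"level {level}: download op but not downloadable")
        # Raising a user's level must never remove a permission.
        if previous is not None:
            p_coarse, p_fine, p_dl, p_ops = previous
            if (COARSE_RANK[coarse] < COARSE_RANK[p_coarse]
                    or FINE_RANK[fine] < FINE_RANK[p_fine]
                    or (p_dl and not downloadable) or not p_ops <= ops):
                problems.append(f"level {level}: fewer permissions than level below")
        previous = policy[level]
    return problems
```

Because every system's view is computed from the one stored level, changing that level updates all three systems together, and `validate` can be run on any edited table before it is deployed.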

Claims (7)

1. A multi-permission management system for data, comprising a permission management system, a coarse-grained permission system, a fine-grained permission system and a security permission system, characterized in that: the permission management system manages the tasks of the coarse-grained permission system, the fine-grained permission system and the security permission system; the coarse-grained permission system provides at least three permissions: display, partial display and hide; the fine-grained permission system provides at least seven permissions: deny access, hide all, partial display, read-only, read-write, non-downloadable and downloadable; the security permission system provides at least five permissions: read, upload, download, modify and delete; and the underlying data of the coarse-grained permission system, the fine-grained permission system and the security permission system includes algorithm metadata, conventional privacy requirement data, conventional privacy requirement code, fine privacy requirement data and fine privacy requirement code.
2. The multi-permission management system for data according to claim 1, characterized in that: the underlying data of the coarse-grained permission system is algorithm metadata.
3. The multi-permission management system for data according to claim 1, characterized in that: the underlying data of the fine-grained permission system is conventional privacy requirement data and conventional privacy requirement code.
4. The multi-permission management system for data according to claim 1, characterized in that: the underlying data of the security permission system is fine privacy requirement data and fine privacy requirement code.
5. The multi-permission management system for data according to claim 1, characterized in that: it further comprises an independent management system, which independently manages the tasks of an absolute permission system.
6. The multi-permission management system for data according to claim 5, characterized in that: the underlying data of the absolute permission system is absolute secrecy requirement data and absolute secrecy requirement code.
7. The multi-permission management system for data according to claim 1 or 5, characterized in that: the tasks of the permission management system and the independent management system are managed by an application usage management system.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811625074.9A CN109766706A (en) 2018-12-28 2018-12-28 A kind of more Rights Management System of data

Publications (1)

Publication Number Publication Date
CN109766706A (en) 2019-05-17

Family

ID=66451699

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190517
