Summary of the invention
The technical problem addressed by this application is that existing blockchains support only simple permission management and cannot satisfy users' requirements for permission control. To this end, a blockchain-based permission management method and device are provided.
In a first aspect, an embodiment of the present application provides a blockchain permission management method, comprising:
receiving an access request for a target account, the access request indicating that the target account requests access to the blockchain;
obtaining a first serialized file, the first serialized file indicating a first account identity of the target account and a first account permission corresponding to the first account identity, where the first account identity and the first account permission are configured by a user according to a first business requirement;
writing the identifier of the target account, the first account identity and the first account permission into a smart contract.
Optionally, writing the identifier of the target account, the first account identity and the first account permission into the smart contract comprises:
deserializing and parsing the first serialized file to obtain the first account identity and the first account permission;
writing the identifier of the target account, the first account identity and the first account permission into the smart contract.
Optionally, the method further comprises:
receiving a data operation request for the target account, the data operation request indicating that the target account requests to perform a target operation on data in the blockchain;
verifying, by the smart contract, whether the target account has permission to perform the target operation;
if the verification passes, allowing the target account to perform the target operation.
Optionally, the method further comprises:
receiving a second serialized file, the second serialized file indicating a second account identity of the target account and a second account permission corresponding to the second account identity, where the second account identity and the second account permission are configured by the user according to a second business requirement;
writing the identifier of the target account, the second account identity and the second account permission into the smart contract;
where the classification scheme of the second account identity differs from the classification scheme of the first account identity, and/or the classification scheme of the second account permission differs from the classification scheme of the first account permission.
Optionally, the first serialized file comprises:
a JSON file or an XML file.
In a second aspect, an embodiment of the present application provides a blockchain permission management device, comprising:
a first receiving unit, configured to receive an access request for a target account, the access request indicating that the target account requests access to the blockchain;
a first obtaining unit, configured to obtain a first serialized file, the first serialized file indicating a first account identity of the target account and a first account permission corresponding to the first account identity, where the first account identity and the first account permission are configured by a user according to a first business requirement;
a first writing unit, configured to write the identifier of the target account, the first account identity and the first account permission into a smart contract.
Optionally, the first writing unit is specifically configured to:
deserialize and parse the first serialized file to obtain the first account identity and the first account permission;
write the identifier of the target account, the first account identity and the first account permission into the smart contract.
Optionally, the device further comprises:
a second receiving unit, configured to receive a data operation request for the target account, the data operation request indicating that the target account requests to perform a target operation on data in the blockchain;
a verification unit, configured to verify, by the smart contract, whether the target account has permission to perform the target operation;
an operation execution unit, configured to allow the target account to perform the target operation if the verification passes.
Optionally, the device further comprises:
a third receiving unit, configured to receive a second serialized file, the second serialized file indicating a second account identity of the target account and a second account permission corresponding to the second account identity, where the second account identity and the second account permission are configured by the user according to a second business requirement;
a second writing unit, configured to write the identifier of the target account, the second account identity and the second account permission into the smart contract;
where the classification scheme of the second account identity differs from the classification scheme of the first account identity, and/or the classification scheme of the second account permission differs from the classification scheme of the first account permission.
Optionally, the first serialized file comprises:
a JSON file or an XML file.
Compared with the prior art, the embodiments of the present application have the following advantages:
The embodiments of the present application provide a blockchain permission management method and device. The method comprises: receiving an access request for a target account, the access request indicating that the target account requests access to the blockchain; obtaining a first serialized file, the first serialized file indicating a first account identity of the target account and a first account permission corresponding to the first account identity, where the first account identity and the first account permission are configured by a user according to a first business requirement; and writing the identifier of the target account, the first account identity and the first account permission into a smart contract. Thus, in the embodiments of the present application, when a target account requests access to the blockchain, a user such as an administrator can configure the first account identity and the first account permission for the target account according to the first business requirement, and write the first account identity and the first account permission of the target account into the smart contract. That is, the embodiments of the present application support account permission configuration that matches the business and meet users' needs for account permission management, rather than supporting only simple permission management as existing blockchains do.
Specific embodiment
To help those skilled in the art better understand the solution of the present application, the technical solutions in the embodiments of the present application are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the present application. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present application without creative effort fall within the scope of protection of the present application.
The inventors of the present application found through research that, in the prior art, both public chains and consortium chains support only simple permission management. For example, a public chain can grant data write permission according to a write-permission determination policy, but has no read-permission determination policy. A consortium chain can manage permissions based on certificates and the like, covering simple permissions such as reading, writing and signing. These simple permissions cannot satisfy the permission control that users require in practice; for example, they cannot govern operations such as querying a business data table.
To solve the above problem, the embodiments of the present application provide a blockchain permission management method and device. The method comprises: receiving an access request for a target account, the access request indicating that the target account requests access to the blockchain; obtaining a first serialized file, the first serialized file indicating a first account identity of the target account and a first account permission corresponding to the first account identity, where the first account identity and the first account permission are configured by a user according to a first business requirement; and writing the identifier of the target account, the first account identity and the first account permission into a smart contract. Thus, when a target account requests access to the blockchain, a user such as an administrator can configure the first account identity and the first account permission for the target account according to the first business requirement, and write them into the smart contract. That is, the embodiments of the present application support account permission configuration that matches the business and meet users' needs for account permission management, rather than supporting only simple permission management as existing blockchains do.
Various non-limiting embodiments of the present application are described in detail below with reference to the accompanying drawings.
Illustrative methods
Refer to Fig. 1, which is a schematic flowchart of a blockchain permission management method provided by an embodiment of the present application.
The blockchain permission management method provided by the embodiments of the present application can be applied to a blockchain system. A blockchain system may include many nodes; a node may be deployed in an intranet, in a local area network, or on the internet, and the embodiments of the present application do not specifically limit this. A node in the blockchain system referred to in the embodiments may join the blockchain system as an individual node or as part of a node cluster, and the embodiments of the present application do not specifically limit this either.
In this embodiment, the method can be implemented, for example, through the following steps S101-S103.
S101: Receive an access request for a target account, the access request indicating that the target account requests access to the blockchain.
In the embodiments of the present application, the target account can request access to the blockchain through a node in the blockchain system.
When the target account requests access to the blockchain, it can first send an access request to the blockchain system, so that the blockchain system starts the permission management process for the target account.
S102: Obtain a first serialized file. The first serialized file indicates a first account identity of the target account and a first account permission corresponding to the first account identity; the first account identity and the first account permission are configured by a user according to a first business requirement.
In one implementation of the embodiments of the present application, after the blockchain system receives the access request, the backend may generate a prompt message to prompt an administrator to configure the permissions of the target account. In another implementation, after the blockchain system receives the access request, the backend may generate a prompt message prompting the administrator to ignore it, and assign a default account identity and account permission to the target account. This example does not specifically limit this.
In the embodiments of the present application, the administrator can configure, according to an actual business requirement such as the first business requirement, the first account identity and the corresponding first account permission for the target account. Specifically, the administrator configures permissions for the target account by editing the first serialized file, which expresses the first account identity and the first account permission.
In the embodiments of the present application, the first account identity can be used to characterize the account role of the target account; it may, for example, be any one of group, branch company, department, and so on.
The first account permission can be used to indicate the types of business processing the target account supports; it may include, for example, audit permission, rating permission, trading permission, transfer permission, and savings permission. The first account permission can also be used to characterize the data operations the target account supports; it may include, for example, permission to query a business data table in the blockchain and permission to write to a business data table in the blockchain.
The embodiments of the present application do not specifically limit the first serialized file; it may be, for example, a JSON file or an XML file.
S103: Write the identifier of the target account, the first account identity and the first account permission into a smart contract.
In the embodiments of the present application, after the blockchain system obtains the first serialized file, it can parse the file to obtain the first account identity and the first account permission, and then write the identifier of the target account, the first account identity and the first account permission into the smart contract.
S103 can be implemented in several ways. In one possible implementation, the first serialized file is saved directly into the smart contract. In another implementation, the first serialized file is deserialized and parsed to obtain the first account identity and the first account permission, and the identifier of the target account, the first account identity and the first account permission are then written into the smart contract.
The identifier of the target account uniquely identifies the target account. The embodiments of the present application do not specifically limit the identifier; it may include, for example, the account name of the target account.
As can be seen from the above description, the blockchain permission management method provided by the embodiments of the present application comprises: receiving an access request for a target account, the access request indicating that the target account requests access to the blockchain; obtaining a first serialized file, the first serialized file indicating a first account identity of the target account and a first account permission corresponding to the first account identity, where the first account identity and the first account permission are configured by a user according to a first business requirement; and writing the identifier of the target account, the first account identity and the first account permission into a smart contract. Thus, when a target account requests access to the blockchain, a user such as an administrator can configure the first account identity and the first account permission for the target account according to the first business requirement, and write them into the smart contract. That is, the embodiments of the present application support account permission configuration that matches the business and meet users' needs for account permission management, rather than supporting only simple permission management as existing blockchains do.
As described above, the identifier of the target account, the first account identity and the first account permission are stored in the smart contract. When the target account requests to perform an operation on data in the blockchain, the smart contract can verify the permissions of the target account to determine whether the target account is permitted to perform that operation on the data.
Refer to Fig. 2, which is a schematic flowchart of a permission verification method provided by an embodiment of the present application.
The permission verification method provided by the embodiments of the present application can be implemented, for example, through the following steps S201-S203.
S201: Receive a data operation request for the target account. The data operation request indicates that the target account requests to perform a target operation on data in the blockchain.
The embodiments of the present application do not specifically limit the target operation. It may include, for example, executing a corresponding business operation, such as any one or a combination of auditing, rating, trading, transferring, saving, querying a data table, and writing to a data table.
S202: Verify, by the smart contract, whether the target account has permission to perform the target operation.
S203: If the verification passes, allow the target account to perform the target operation.
Regarding S202-S203, note that the embodiments of the present application tie permission verification to the smart contract: the smart contract verifies the permissions of the target account, that is, whether the target account has permission to perform the target operation. Specifically, the smart contract can make this determination according to the first account identity and the first account permission. If the verification passes, the target account is allowed to perform the target operation; if the verification fails, the data operation request can be rejected and the target account is not allowed to perform the target operation.
In conventional technology, once the classification scheme for account identities and the classification scheme for account permissions in a blockchain system have been determined, they cannot be changed. For example, if account identities are initially divided into the two classes "administrator" and "general user", and account permissions into the two kinds "readable" and "writable", then an account identity can only be chosen from "administrator" and "general user", and an account permission can only be chosen from "readable" and "writable"; neither can be changed. In practice, however, the business often changes, and if the corresponding classification schemes for account identities and account permissions are immutable, they may not suit the business after the change.
In view of this, the embodiments of the present application also support modifying the classification scheme of the target account's account identity and the classification scheme of its account permission.
Specifically, refer to Fig. 3, which is a schematic flowchart of a method for modifying account permissions provided by an embodiment of the present application.
The method can be implemented, for example, through the following steps S301-S302.
S301: Receive a second serialized file. The second serialized file indicates a second account identity of the target account and a second account permission corresponding to the second account identity; the second account identity and the second account permission are configured by the user according to a second business requirement.
The second serialized file is similar to the first serialized file; it may be, for example, a JSON file or an XML file. The difference is that the first serialized file indicates the first account identity of the target account and the corresponding first account permission, whereas the second serialized file indicates the second account identity of the target account and the corresponding second account permission.
The second account identity is the modified account identity. For a description of the second account identity, refer to the description of the first account identity above, which is not repeated here.
The second account permission is the modified account permission. For a description of the second account permission, refer to the description of the first account permission above, which is not repeated here.
In practice, when the business requirement changes, the classification scheme of the target account's account identity and/or the classification scheme of its account permission may change; they may also change when the business requirement does not. The first account identity and the first account permission are determined according to the first business requirement, while the changed account identity (the second account identity) and the changed account permission (the second account permission) are determined according to the second business requirement. The first business requirement may therefore be the same as or different from the second business requirement, and the embodiments of the present application do not specifically limit this.
When the classification schemes of the target account's account identity and account permission are modified, it may be that only the classification scheme of the account identity changes while the classification scheme of the corresponding permission does not; or that only the classification scheme of the account permission changes while that of the account identity does not; or that both change.
If only the classification scheme of the account identity changes, the classification scheme of the first account identity differs from that of the second account identity, and the classification scheme of the first account permission is the same as that of the second account permission. If only the classification scheme of the account permission changes, the classification scheme of the first account permission differs from that of the second account permission, and the classification scheme of the first account identity is the same as that of the second account identity. If both change, the classification scheme of the first account identity differs from that of the second account identity, and the classification scheme of the first account permission differs from that of the second account permission.
S302: Write the identifier of the target account, the second account identity and the second account permission into the smart contract.
S302 is implemented similarly to S103. After the blockchain system obtains the second serialized file, it can write the second serialized file directly into the smart contract, or it can parse the second serialized file to obtain the second account identity and the second account permission, and then write the identifier of the target account, the second account identity and the second account permission into the smart contract.
Specifically, in implementing S302, the second serialized file can be deserialized and parsed to obtain the second account identity and the second account permission, and the identifier of the target account, the second account identity and the second account permission are then written into the smart contract.
Thus, with the solution of the embodiments of the present application, not only can the account identity and account permission of the target account be configured according to specific business needs, but the classification schemes of the target account's account identity and account permission can also be changed, which improves the flexibility of permission management in the blockchain system.
Note that when the account identity and account permission of the target account have changed and the target account then initiates a data operation request, the smart contract verifies the permissions of the target account according to the latest account identity and account permission, to determine whether to allow the target account to perform the data operation indicated by the request.
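The flow in S101-S103, S201-S203 and S301-S302 above, as an added example that is not code from the application: a serialized JSON file is strictly deserialized, written to a permission store, checked on each data operation request, and then replaced by a second file that uses a different classification scheme. The JSON field names, the sample account and permission strings, and the in-memory PermissionContract class standing in for the smart contract are all assumptions.

```python
import json

# Assumed field names: the page only says the file is JSON or XML and carries
# an account identity plus the permissions that go with it.
REQUIRED_KEYS = {"account", "identity", "permissions"}

# Constructed sample files for one account under two classification schemes.
FIRST_FILE = ('{"account": "acct-001", "identity": "branch", '
              '"permissions": ["audit", "query:business_table"]}')
SECOND_FILE = ('{"account": "acct-001", "identity": "regional-auditor", '
               '"permissions": ["rating", "write:business_table"]}')


class PermissionFileError(ValueError):
    """Raised when a serialized permission file is malformed or ambiguous."""


def _reject_duplicate_keys(pairs):
    # json.loads silently keeps the last of two duplicate keys; a file that
    # states "permissions" twice is ambiguous and must be refused instead.
    keys = [key for key, _ in pairs]
    if len(keys) != len(set(keys)):
        raise PermissionFileError("duplicate key in serialized file")
    return dict(pairs)


def parse_permission_file(text):
    """Deserialize and validate one serialized file (the parsing in S103/S302)."""
    try:
        doc = json.loads(text, object_pairs_hook=_reject_duplicate_keys)
    except json.JSONDecodeError as exc:
        raise PermissionFileError(f"not valid JSON: {exc}") from exc
    if not isinstance(doc, dict) or set(doc) != REQUIRED_KEYS:
        raise PermissionFileError("expected exactly account, identity, permissions")
    account, identity, perms = doc["account"], doc["identity"], doc["permissions"]
    if not all(isinstance(v, str) and v for v in (account, identity)):
        raise PermissionFileError("account and identity must be non-empty strings")
    if not isinstance(perms, list) or not all(isinstance(p, str) and p for p in perms):
        raise PermissionFileError("permissions must be a list of non-empty strings")
    # Permission names are free-form strings because the classification scheme
    # is user-defined and may change between files.
    return account, identity, frozenset(perms)


class PermissionContract:
    """In-memory stand-in for the permission state held by the smart contract."""

    def __init__(self):
        self._records = {}  # account identifier -> (identity, permissions)
        self.history = []   # append-only record of every write, for audit

    def write(self, serialized_text):
        """S103 / S302: parse the file, then replace the account's record."""
        account, identity, perms = parse_permission_file(serialized_text)
        # Replace rather than merge, so permissions from an earlier scheme
        # cannot survive a reconfiguration.
        self._records[account] = (identity, perms)
        self.history.append((account, identity, tuple(sorted(perms))))
        return account

    def verify(self, account, operation):
        """S202: True only if the latest record grants the operation."""
        record = self._records.get(account)
        if record is None:
            return False  # unknown account: deny by default
        _identity, perms = record
        return operation in perms

    def execute(self, account, operation, action):
        """S203: run the action only after verification passes."""
        if not self.verify(account, operation):
            raise PermissionError(f"{account} is not permitted to {operation}")
        return action()


def demo():
    contract = PermissionContract()
    contract.write(FIRST_FILE)
    before = (contract.verify("acct-001", "audit"),
              contract.verify("acct-001", "transfer"))
    contract.write(SECOND_FILE)  # second scheme replaces the first
    after = (contract.verify("acct-001", "audit"),
             contract.verify("acct-001", "rating"))
    return before, after


if __name__ == "__main__":
    print(demo())
```
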
Example devices
Based on the blockchain permission management method provided by the above embodiments, the embodiments of the present application also provide a blockchain permission management device, which is introduced below with reference to the accompanying drawings.
Refer to Fig. 4, which is a schematic structural diagram of a blockchain permission management device provided by an embodiment of the present application.
The blockchain permission management device 400 provided by the embodiments of the present application may, for example, specifically include:
a first receiving unit 410, a first obtaining unit 420 and a first writing unit 430.
The first receiving unit 410 is configured to receive an access request for a target account, the access request indicating that the target account requests access to the blockchain;
the first obtaining unit 420 is configured to obtain a first serialized file, the first serialized file indicating a first account identity of the target account and a first account permission corresponding to the first account identity, where the first account identity and the first account permission are configured by a user according to a first business requirement;
the first writing unit 430 is configured to write the identifier of the target account, the first account identity and the first account permission into a smart contract.
Optionally, the first writing unit 430 is specifically configured to:
deserialize and parse the first serialized file to obtain the first account identity and the first account permission;
write the identifier of the target account, the first account identity and the first account permission into the smart contract.
Optionally, the device 400 further comprises:
a second receiving unit, configured to receive a data operation request for the target account, the data operation request indicating that the target account requests to perform a target operation on data in the blockchain;
a verification unit, configured to verify, by the smart contract, whether the target account has permission to perform the target operation;
an operation execution unit, configured to allow the target account to perform the target operation if the verification passes.
Optionally, the device 400 further comprises:
a third receiving unit, configured to receive a second serialized file, the second serialized file indicating a second account identity of the target account and a second account permission corresponding to the second account identity, where the second account identity and the second account permission are configured by the user according to a second business requirement;
a second writing unit, configured to write the identifier of the target account, the second account identity and the second account permission into the smart contract;
where the classification scheme of the second account identity differs from the classification scheme of the first account identity, and/or the classification scheme of the second account permission differs from the classification scheme of the first account permission.
Optionally, the first serialized file comprises:
a JSON file or an XML file.
Since the device 400 corresponds to the method provided by the above method embodiments, the specific implementation of each unit of the device 400 follows the same concept as the method embodiments. For the specific implementation of each unit of the device 400, refer to the description of the method embodiments, which is not repeated here.
As can be seen from the above description, the blockchain permission management device provided by the embodiments of the present application comprises a first receiving unit, a first obtaining unit and a first writing unit. The first receiving unit is configured to receive an access request for a target account, the access request indicating that the target account requests access to the blockchain. The first obtaining unit is configured to obtain a first serialized file, the first serialized file indicating a first account identity of the target account and a first account permission corresponding to the first account identity, where the first account identity and the first account permission are configured by a user according to a first business requirement. The first writing unit is configured to write the identifier of the target account, the first account identity and the first account permission into a smart contract. Thus, when a target account requests access to the blockchain, a user such as an administrator can configure the first account identity and the first account permission for the target account according to the first business requirement, and write them into the smart contract. That is, the embodiments of the present application support account permission configuration that matches the business and meet users' needs for account permission management, rather than supporting only simple permission management as existing blockchains do.
After considering the specification and practicing the invention disclosed here, those skilled in the art will readily conceive of other embodiments of the present application. The present application is intended to cover any variations, uses or adaptations of the present application that follow its general principles and include common knowledge or conventional technical means in the art not disclosed herein. The description and embodiments are to be regarded as illustrative only; the true scope and spirit of the present application are indicated by the following claims.
It should be understood that the present application is not limited to the precise structure described above and shown in the drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present application is limited only by the appended claims.
The foregoing is merely the preferred embodiments of the present application and is not intended to limit the present application. Any modification, equivalent replacement or improvement made within the spirit and principles of the present application shall fall within the scope of protection of the present application.