CN111353134B - Authority management method and system - Google Patents


Info

Publication number: CN111353134B
Authority: CN (China)
Prior art keywords: authority, user, type identifier, setting, information
Legal status: Active
Application number: CN202010241230.2A
Other languages: Chinese (zh)
Other versions: CN111353134A (en)
Inventor: 丁莹
Current Assignee: China Construction Bank Corp
Original Assignee: China Construction Bank Corp; CCB Finetech Co Ltd
Application filed by China Construction Bank Corp, CCB Finetech Co Ltd
Priority to CN202010241230.2A
Publication of CN111353134A
Application granted
Publication of CN111353134B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides an authority management method and system. The method comprises: setting an authority management table, which contains a user ID, a type identifier and the authority information corresponding to the type identifier; on a login request initiated by a user, looking up the user ID of the login request in a user table; if the user ID is not found, prompting the user to register, adding the new user ID to the user table once it is obtained, and notifying a manager to set the authority; setting the new user ID, its type identifier and the authority information corresponding to the type identifier in the authority management table according to the authority setting information input by the manager; and, when an authority editing instruction input by a manager is received, editing the user ID, the type identifier and the authority information corresponding to the type identifier in the authority management table according to that instruction. By using an authority management table, the method and system make authority management more flexible and convenient.

Description

Authority management method and system
Technical Field
The present invention relates to the field of rights management technologies, and in particular, to a method and a system for rights management.
Background
In existing business systems, authority management is a module that almost every system or service depends on, directly or indirectly. It controls which users hold which operation authorities over which resources. Authority management keeps resources and data secure and makes the classification of resources and the division of labor among personnel clearer.
The authority management module is closely tied to the business as a whole. When a service is added or changed, effort cannot go entirely into implementing the service, because adjusting the authorities usually consumes a great deal of it. A complete, standardized authority management system is therefore necessary early in business system design. Traditional authority management systems suffer from poor performance and simplistic authority logic, cannot meet the needs of later business adjustments, and are costly to maintain. In addition, each business system has its own authority management system, so the authority management framework has to be redesigned each time, which reduces development efficiency.
Therefore, a user authority management scheme is needed that preserves the logical relationships among authorities, meets the requirements of business adjustment, and allows the architecture to be modified flexibly.
Disclosure of Invention
To solve these problems, the invention provides an authority management method and system. The method sets type identifiers in an authority management table to represent the user-role correspondence, the user-authority correspondence or the role-authority correspondence; when a correspondence changes, a manager only needs to modify the authority management table. The administrator can also add, modify or delete information in the authority management table by simple operations as needed.
In an embodiment of the present invention, an authority management method is provided, where the method includes:
setting an authority management table; the authority management table comprises a user ID, a type identifier and authority information corresponding to the type identifier;
according to a login request initiated by a user, looking up the user ID of the login request in a user table;
if the user ID is not found, prompting the user to register, adding the new user ID to the user table when it is obtained, and notifying a manager to set the authority;
setting the new user ID, the type identifier of the new user ID and the authority information corresponding to the type identifier in the authority management table according to the authority setting information input by the administrator;
and, when an authority editing instruction input by a manager is received, editing the user ID, the type identifier and the authority information corresponding to the type identifier in the authority management table according to the authority editing instruction.
In another embodiment of the present invention, a rights management system is further provided, including:
an authority management table setting module, used for setting an authority management table; the authority management table comprises a user ID, a type identifier and authority information corresponding to the type identifier;
a login request processing module, used for looking up the user ID of a login request in a user table according to the login request initiated by the user; and, if the user ID is not found, prompting the user to register, adding the new user ID to the user table when it is obtained, and notifying a manager to set the authority;
an authority setting module, used for setting the new user ID, the type identifier of the new user ID and the authority information corresponding to the type identifier in the authority management table according to the authority setting information input by the administrator;
and an authority editing module, used for editing the user ID, the type identifier and the authority information corresponding to the type identifier in the authority management table according to an authority editing instruction when the authority editing instruction input by a manager is received.
In another embodiment of the present invention, a computer device is further provided, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and the processor implements the rights management method when executing the computer program.
In another embodiment of the present invention, a computer-readable storage medium is also presented, which stores a computer program that, when executed by a processor, implements a method of rights management.
The authority management method and system represent users, authorities and the correspondences between them in one table. When a relationship changes, only the data table needs to be modified, and when the administrator needs to manage authorities, simply adding, modifying or deleting the corresponding data in the table is enough, so authority management is more flexible. In addition, when authorities are set, a user can correspond directly to several authorities and can also hold several roles, so a user's authority can be managed more conveniently through roles and through multiple authorities.
Drawings
To illustrate the technical solutions of the embodiments of the present application more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart illustrating a rights management method according to an embodiment of the invention.
FIG. 2 is a diagram illustrating the contents of a rights management table according to an embodiment of the invention.
FIG. 3 is a diagram illustrating a new user's rights management interaction process according to an embodiment of the present invention.
FIG. 4 is a diagram illustrating an interaction process of rights management of an old user according to an embodiment of the present invention.
Fig. 5 is a flowchart illustrating a process of performing rights management by a manager according to an embodiment of the present invention.
FIG. 6 is a diagram of a rights management system according to an embodiment of the invention.
Fig. 7 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The principles and spirit of the present invention will be described with reference to a number of exemplary embodiments. It is understood that these embodiments are given solely for the purpose of enabling those skilled in the art to better understand and to practice the invention, and are not intended to limit the scope of the invention in any way. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As will be appreciated by one skilled in the art, embodiments of the present invention may be embodied as a system, apparatus, device, method, or computer program product. Accordingly, the present disclosure may be embodied in the form of: entirely hardware, entirely software (including firmware, resident software, micro-code, etc.), or a combination of hardware and software.
According to the embodiment of the invention, a method and a system for managing the authority are provided.
The principles and spirit of the present invention are explained in detail below with reference to several representative embodiments of the invention.
Fig. 1 is a flowchart illustrating a rights management method according to an embodiment of the invention. As shown in fig. 1, the method includes:
Step S1, setting an authority management table; the authority management table comprises a user ID, a type identifier and authority information corresponding to the type identifier.
Step S2, according to the login request initiated by the user, looking up the user ID of the login request in the user table.
If the user ID is not found, step S3 is performed.
If the user ID is found, step S5 is performed.
Step S3, when the user ID is not found, prompting the user to register, adding the new user ID to the user table when it is obtained, and notifying a manager to set the authority.
Step S4, according to the authority setting information input by the administrator, adding the new user ID to the authority management table and setting the type identifier of the new user ID and the authority information corresponding to the type identifier.
Step S5, when the user ID is found, judging whether the data authority and the function authority of the login request exist according to the authority information in the authority management table; wherein,
if they exist, the login request passes verification and the user is allowed to use the function on the data;
if they do not exist, the user is refused use of the function on the data.
Step S6, when an authority editing instruction input by a manager is received, editing the user ID, the type identifier and the authority information corresponding to the type identifier in the authority management table according to the authority editing instruction.
In order to explain the above rights management method more clearly, the following description is given with reference to specific embodiments.
In one embodiment, the invention represents the kind of relationship required, such as a user-role correspondence, a user-authority correspondence or a role-authority correspondence, by setting a single relationship type. All of the correspondences are therefore held in one table, and when a relationship changes only that data table needs to be modified.
A type identifier is set in the authority management table and is either a first type identifier or a second type identifier; wherein,
the authority information corresponding to the first type identifier comprises: user information, data authority and function authority, or role information, data authority and function authority; this type identifier can express a user-authority correspondence or a role-authority correspondence;
the authority information corresponding to the second type identifier comprises: user information and role information; this type identifier can express a user-role correspondence.
Based on the user-authority correspondence provided by the "first type identifier" in this table, for an old user (one whose user ID is in the authority management table) it is possible to consider only the data authority and the function authority and to ignore the functional constraints of the role information.
In addition, the "first type identifier" can also provide a role-authority correspondence; for example, for users that have role information set, the role information can be obtained through the "second type identifier", and the corresponding data authority and function authority can then be obtained through the role-authority correspondence.
Specifically, Fig. 2 shows the contents of an authority management table according to an embodiment of the invention. As shown in Fig. 2, the id column holds id information, such as 1-5, 7-14; the p_type column holds the type identifier, where the type identifier p (the first type identifier) represents a user-data authority-function authority correspondence or a role-data authority-function authority correspondence, and the type identifier g (the second type identifier) represents a user-role correspondence.
Taking id 1 as an example, the type identifier is p, the user information alice is recorded in the v0 column, the data authority data1 is recorded in the v1 column, and the function authority write is recorded in the v2 column.
Turning to id 9, the type identifier is g, the v0 column records user information 1, and the v1 column records role information role_user, that is, the role is an ordinary user; since the user information of id 9 is 1, the authority of id 9 is the same as that of id 1.
For id 10, the type identifier is p, the role information role_admin is recorded in the v0 column, that is, the role is manager, the data authority /test/ is recorded in the v1 column, and the function authority GET is recorded in the v2 column.
In the table of Fig. 2, the v2 column records function authorities such as write, read, GET and POST, which correspond to writing data, reading data, acquiring data and submitting data.
In a specific embodiment, the detailed process of setting the authority in step S4 includes:
adding a new user ID and a type identifier of the new user ID in the authority management table according to authority setting information input by a manager;
if the type identification of the new user ID is the first type identification, setting user information, data authority and function authority;
and if the type identifier of the new user ID is the second type identifier, setting user information and role information.
In an embodiment, in conjunction with step S6, the authority editing instruction may cover several kinds of processing, such as role addition, authority modification and authority deletion; these are listed only as examples, and the kinds of authority editing are not limited to them.
Further, according to the processing modes, the detailed process of performing authority editing includes:
when the authority editing instruction is used for adding roles, adding a user ID, setting the type identifier as a first type identifier, and setting corresponding role information, data authority and function authority;
when the authority editing instruction is used for authority modification, modifying the type identification, role information, data authority and/or function authority corresponding to the user ID;
and when the authority editing instruction is used for authority deletion, deleting role information, data authority or function authority corresponding to the user ID.
For a clearer explanation of the rights management method, the following description is made with reference to a plurality of specific embodiments, however, it should be noted that the embodiments are only for better explaining the present invention and should not be construed as limiting the present invention.
In a specific embodiment, as shown in Fig. 3, the authority management interaction after a new user initiates a login request includes:
step S301, a new user initiates a login request;
step S302, the authority management system receives a new user login request, reads a user table, and prompts a user to register because no user data exists in the user table;
step S303, registering the user;
step S304, after the user is successfully registered, the authority management system generates a user ID and enables the user to obtain the login authority.
After the user successfully logs in, other function rights are further distributed by the manager.
In an embodiment, a process of performing login and rights management interaction for an old user is shown in fig. 4, and the process includes:
step S401, the old user logs in and requests to use a function X;
step S402, the authority management system judges whether the user has the function authority X according to the authority management table;
step S403, if yes, the user can perform relevant operation of the function X through verification;
step S404, if not, rejecting the user, and the user cannot perform the operation related to the function X.
In an embodiment, as shown in fig. 5, a flowchart of performing rights management for a manager is shown. The process comprises the following steps:
step S501, a manager logs in an authority management system and inquires whether a user-authority corresponding relation exists;
step S502, if not, the manager can add a new user-right corresponding relation, for example, add the function right Y of the user to the data A;
the manager can also add new user-role correspondence, for example, add role R of the user; wherein, in the authority management table, a role R is set to correspond to a function authority Z for the data B; since the newly added user has the corresponding relationship of the role R, the newly added user also has the corresponding function permission Z for the data B.
Step S503, if yes, the administrator may modify the user's right or delete the user's right.
Step S504, the authority management system changes the policy file according to the instruction of the administrator; the policy file is stored in a CSV file through code, or the policy file can be read and modified directly.
Step S505, the manager may modify the function permission of the user, the role of the user, and the like in batches according to the system requirement.
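The single-table layout of Fig. 2, the check in steps S5 and S401 to S404, and the CSV policy file of step S504, worked through as an added Python example (not code from the patent). The class name `PolicyTable`, its methods, and every sample row other than ids 1 and 10 are assumptions made for illustration; rows the loader cannot interpret are skipped so that they grant nothing.

```python
import csv
import io

# Constructed sample policy in the column layout the description gives for
# Fig. 2 (id, p_type, v0, v1, v2). Rows 1 and 10 reuse values quoted in the
# text; every other row, and the users bob/carol/dave/eve/frank, are made up.
SAMPLE_CSV = """\
id,p_type,v0,v1,v2
1,p,alice,data1,write
2,p,bob,data2,read
9,g,carol,role_user,
10,p,role_admin,/test/,GET
11,p,role_user,data1,read
12,g,dave,role_admin,
13,g,dave,role_user,
14,x,eve,data1,write
15,p,frank,data1,
"""


class PolicyTable:
    """One table: 'p' rows grant (subject, data, function), where the subject
    is a user or a role; 'g' rows bind (user, role)."""

    def __init__(self):
        self.grants = set()     # {(subject, data, function)}
        self.bindings = set()   # {(user, role)}
        self.rejected = []      # ids of rows skipped as malformed

    @classmethod
    def from_csv(cls, text):
        table = cls()
        for row in csv.DictReader(io.StringIO(text)):
            ptype, v0, v1, v2 = (
                (row.get(k) or "").strip() for k in ("p_type", "v0", "v1", "v2")
            )
            if ptype == "p" and v0 and v1 and v2:
                table.grants.add((v0, v1, v2))
            elif ptype == "g" and v0 and v1 and not v2:
                table.bindings.add((v0, v1))
            else:
                # Unknown type identifier or missing field: grant nothing.
                table.rejected.append(row.get("id"))
        return table

    def roles_of(self, user):
        return {role for (u, role) in self.bindings if u == user}

    def check(self, user, data, function):
        """Steps S5 / S402: allow only if a 'p' row matches the user directly
        or through one of the user's roles; everything else is denied."""
        subjects = {user} | self.roles_of(user)
        return any((s, data, function) in self.grants for s in subjects)

    def effective(self, user):
        """All (data, function, via) triples a user holds, for review."""
        subjects = {user} | self.roles_of(user)
        return sorted((d, f, s) for (s, d, f) in self.grants if s in subjects)

    def revoke(self, subject, data, function):
        """Delete one 'p' row and return the users who lose access, so the
        manager sees how far an edit to a role-level row reaches."""
        self.grants.discard((subject, data, function))
        members = {u for (u, r) in self.bindings if r == subject}
        holders = members or {subject}
        return sorted(u for u in holders if not self.check(u, data, function))


if __name__ == "__main__":
    table = PolicyTable.from_csv(SAMPLE_CSV)
    print("skipped rows:", table.rejected)
    print("dave holds:", table.effective("dave"))
    print("carol read data1:", table.check("carol", "data1", "read"))
    print("lost access:", table.revoke("role_user", "data1", "read"))
```

Because a role-level `p` row applies to every user bound to that role by a `g` row, `revoke` returns the affected users instead of silently editing the table.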
With the authority management method provided by the invention, the experience for new users is essentially unchanged: a new user still needs to register and apply for authority.
For the manager, however, when a new user is added, editing the user-authority correspondence alone is enough to give the end user the intended access. The user's role can be ignored, or a role can be added for the user (role information is not required). When a user's authority is modified or deleted, however small the change to the user's role or authority, the rest of the data table is not affected.
For old users, because the authority management table is in place, only the query result matters: the system determines whether the function authority exists, and the functional constraints that roles would otherwise place on old users can be ignored.
For developers, only one table needs to be set up. When writing the logic that maps database users to authorities, they do not need to consider adding, deleting, modifying and querying the correspondences at each level, the database does not need to be read and written frequently, and the development logic is simplified.
The traditional authority management mode needs two tables to express the correspondences among users, roles, data and function authorities, whereas the authority management method of the invention needs only one data table. In addition, in the traditional mode a user must hold a certain role in order to acquire all the authorities corresponding to that role; the authority management table designed by the invention is more flexible: a user does not need role information and can correspond directly to several authorities, and can also hold several roles that in turn correspond to several authorities.
It should be noted that although the operations of the method of the present invention have been described in the above embodiments and the accompanying drawings in a particular order, this does not require or imply that these operations must be performed in this particular order, or that all of the operations shown must be performed, to achieve the desired results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.
Having described the method of an exemplary embodiment of the present invention, the rights management system of an exemplary embodiment of the present invention is next described with reference to fig. 6.
The implementation of the rights management system can refer to the implementation of the above method, and repeated details are not repeated. The term "module" or "unit" used hereinafter may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
Based on the same inventive concept, the present invention further provides a rights management system, as shown in fig. 6, the system comprising:
an authority management table setting module 610, configured to set an authority management table; the authority management table comprises a user ID, a type identifier and authority information corresponding to the type identifier;
a login request processing module 620, configured to look up, according to a login request initiated by a user, the user ID of the login request in a user table; and, if the user ID is not found, to prompt the user to register, add the new user ID to the user table when it is obtained, and notify a manager to set the authority;
an authority setting module 630, configured to set the new user ID, the type identifier of the new user ID, and authority information corresponding to the type identifier in the authority management table according to authority setting information input by the administrator;
and an authority editing module 640, configured to, when an authority editing instruction input by a manager is received, edit the user ID, the type identifier, and the authority information corresponding to the type identifier in the authority management table according to the authority editing instruction.
In an embodiment, the type identifier in the rights management table is a first type identifier or a second type identifier; wherein,
the authority information corresponding to the first type identification comprises: user information, data authority and function authority, or role information, data authority and function authority;
the authority information corresponding to the second type identifier comprises: user information and role information.
In an embodiment, the login request processing module 620 is further configured to: when the user ID is found, judge whether the data authority and the function authority of the login request exist according to the authority information in the authority management table; if they exist, determine that the login request passes verification and allow the user to use the function on the data; and if they do not exist, refuse the user use of the function on the data.
In an embodiment, the permission setting module 630 is specifically configured to:
adding a new user ID and a type identifier of the new user ID in the authority management table according to authority setting information input by a manager;
if the type identification of the new user ID is the first type identification, setting user information, data authority and function authority;
and if the type identifier of the new user ID is the second type identifier, setting user information and role information.
In an embodiment, the permission editing module 640 is specifically configured to:
when the authority editing instruction is a role adding instruction, adding a user ID, setting the type identifier as a first type identifier, and setting corresponding role information, data authority and function authority;
when the authority editing instruction is an authority modifying instruction, modifying the type identification, role information, data authority and/or function authority corresponding to the user ID;
and when the authority editing instruction is an authority deleting instruction, deleting role information, data authority or function authority corresponding to the user ID.
It should be noted that although several modules of the rights management system are mentioned in the above detailed description, such partitioning is merely exemplary and not mandatory. Indeed, the features and functionality of two or more of the modules described above may be embodied in one module according to embodiments of the invention. Conversely, the features and functions of one module described above may be further divided so as to be embodied by a plurality of modules.
Based on the aforementioned inventive concept, as shown in fig. 7, the present invention further provides a computer device 700, which includes a memory 710, a processor 720, and a computer program 730 stored on the memory 710 and executable on the processor 720, wherein the processor 720 implements the aforementioned rights management method when executing the computer program 730.
Based on the foregoing inventive concept, the present invention also provides a computer-readable storage medium storing a computer program, which when executed by a processor implements the foregoing rights management method.
In the description herein, references to the terms "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. In addition, those skilled in the art can combine the various embodiments or examples described in this specification, and the features of different embodiments or examples, provided they do not contradict one another.
Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means two or more unless specifically defined otherwise.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, units, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
The logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
The computer readable medium described in embodiments of the present invention may be a computer readable signal medium or a computer readable storage medium or any combination of the two. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable read-only memory (CDROM). Additionally, the computer-readable storage medium may even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
In embodiments of the present invention, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, input method, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, Radio Frequency (RF), etc., or any suitable combination of the preceding.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
The invention is not limited to the above alternative embodiments. Anyone may derive products in various other forms in light of the present invention, but any changes in shape or structure that fall within the scope defined in the claims fall within the scope of the present invention.

Claims (10)

1. A method of rights management, the method comprising:
setting an authority management table; the authority management table comprises a user ID, a type identifier and authority information corresponding to the type identifier; the type identifier in the authority management table is a first type identifier or a second type identifier; wherein, the authority information corresponding to the first type identifier includes: user information, data authority and function authority, or role information, data authority and function authority; the authority information corresponding to the second type identifier comprises: user ID and role information having the first type identifier;
according to a login request initiated by a user, inquiring a user ID of the login request in a user table;
prompting a user to register under the condition that the user ID is not inquired, adding a new user ID in the user table when the new user ID is obtained, and informing a manager to carry out permission setting;
setting the new user ID, the type identifier of the new user ID and the authority information corresponding to the type identifier in the authority management table according to the authority setting information input by the administrator;
and when an authority editing instruction input by a manager is received, editing the user ID, the type identifier and the authority information corresponding to the type identifier in the authority management table according to the authority editing instruction.
2. The rights management method of claim 1, wherein the user ID of the login request is looked up in a user table according to the login request initiated by the user, further comprising:
under the condition that the user ID is inquired, judging whether the data authority and the function authority of the login request exist or not according to the authority information in the authority management table; if yes, judging that the login request passes the verification, and allowing the user to perform the function use of the data; and if not, refusing to allow the user to perform the function use of the data.
3. The rights management method according to claim 1, wherein setting the new user ID, the type identifier of the new user ID, and the authority information corresponding to the type identifier in the authority management table according to the authority setting information input by the administrator comprises:
adding a new user ID and a type identifier of the new user ID in the authority management table according to authority setting information input by a manager;
if the type identification of the new user ID is the first type identification, setting user information, data authority and function authority;
and if the type identifier of the new user ID is the second type identifier, setting user information and role information.
4. The method of claim 3, wherein when receiving an authority editing instruction input by a manager, editing the user ID, the type identifier and the authority information corresponding to the type identifier in the authority management table according to the authority editing instruction comprises:
when the authority editing instruction is used for adding roles, adding a user ID, setting the type identifier as a first type identifier, and setting corresponding role information, data authority and function authority;
when the authority editing instruction is used for authority modification, modifying the type identification, role information, data authority and/or function authority corresponding to the user ID;
and when the authority editing instruction is used for authority deletion, deleting role information, data authority or function authority corresponding to the user ID.
5. A rights management system, comprising:
the authority management table setting module is used for setting an authority management table; the authority management table comprises a user ID, a type identifier and authority information corresponding to the type identifier; the type identification in the authority management table is a first type identification or a second type identification; wherein, the authority information corresponding to the first type identifier includes: user information, data authority and function authority, or role information, data authority and function authority; the authority information corresponding to the second type identifier comprises: user ID and role information with a first type of identification;
the login request processing module is used for inquiring the user ID of the login request in a user table according to the login request initiated by the user; prompting a user to register under the condition that the user ID is not inquired, adding a new user ID in the user table when the new user ID is obtained, and informing a manager to set the authority;
the authority setting module is used for setting the new user ID, the type identifier of the new user ID and the authority information corresponding to the type identifier in the authority management table according to the authority setting information input by the administrator;
and the authority editing module is used for editing the user ID, the type identifier and the authority information corresponding to the type identifier in the authority management table according to the authority editing instruction when receiving the authority editing instruction input by a manager.
6. The rights management system of claim 5, wherein the login request processing module is further configured to: under the condition that the user ID is inquired, judging whether the data authority and the function authority of the login request exist or not according to the authority information in the authority management table; if yes, judging that the login request passes the verification, and allowing the user to perform the function use of the data; and if not, refusing to allow the user to perform the function use of the data.
7. The rights management system of claim 5, wherein the rights setting module is specifically configured to:
adding a new user ID and a type identifier of the new user ID in the authority management table according to authority setting information input by a manager;
if the type identification of the new user ID is the first type identification, setting user information, data authority and function authority;
and if the type identifier of the new user ID is the second type identifier, setting user information and role information.
8. The rights management system of claim 7, wherein the rights editing module is specifically configured to:
when the authority editing instruction is a role adding instruction, adding a user ID, setting the type identifier as a first type identifier, and setting corresponding role information, data authority and function authority;
when the authority editing instruction is an authority modifying instruction, modifying the type identification, role information, data authority and/or function authority corresponding to the user ID;
and when the authority editing instruction is an authority deleting instruction, deleting role information, data authority or function authority corresponding to the user ID.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of claims 1 to 4 when executing the computer program.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, implements the method of any of claims 1 to 4.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010241230.2A CN111353134B (en) 2020-03-31 2020-03-31 Authority management method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010241230.2A CN111353134B (en) 2020-03-31 2020-03-31 Authority management method and system

Publications (2)

Publication Number Publication Date
CN111353134A CN111353134A (en) 2020-06-30
CN111353134B true CN111353134B (en) 2022-04-05

Family

ID=71194728

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010241230.2A Active CN111353134B (en) 2020-03-31 2020-03-31 Authority management method and system

Country Status (1)

Country Link
CN (1) CN111353134B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111861804A (en) * 2020-07-07 2020-10-30 中国建设银行股份有限公司 Community management method, system, user terminal and management terminal

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104573478A (en) * 2014-11-20 2015-04-29 深圳市远行科技有限公司 User authority management system of Web application
CN104992118A (en) * 2015-06-30 2015-10-21 北京奇虎科技有限公司 Unified permission management method and system for multiple service systems
CN109598117A (en) * 2018-10-24 2019-04-09 平安科技(深圳)有限公司 Right management method, device, electronic equipment and storage medium
CN110084048A (en) * 2019-03-22 2019-08-02 福建省农村信用社联合社 A kind of implementation method of bank's unified user management

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9430665B2 (en) * 2013-07-22 2016-08-30 Siemens Aktiengesellschaft Dynamic authorization to features and data in JAVA-based enterprise applications

Also Published As

Publication number Publication date
CN111353134A (en) 2020-06-30

Similar Documents

Publication Publication Date Title
US6826604B2 (en) Input/output device information management system for multi-computer system
CN106951430B (en) Account table query method and device
CN103067463B (en) user root authority centralized management system and management method
RU2419854C2 (en) Template based service management
US8015164B2 (en) Information processing apparatus and information processing method
CN106462430A (en) Method and device for obtaining application upgrade packages
CN111324606B (en) Data slicing method and device
WO2019041771A1 (en) List segmentation method and apparatus, storage medium, and terminal
CN110909373A (en) Access control method, device, system and storage medium
US20090048993A1 (en) Implementation of operating system securing
CN104598400A (en) Peripheral equipment management method, device and system
CN110659259A (en) Database migration method, server and computer storage medium
CN105721204A (en) Firmware upgrading method and system for network adapters
CN111353134B (en) Authority management method and system
CN117195185A (en) User authority management method for graph database, electronic equipment and medium
US20170206371A1 (en) Apparatus and method for managing document based on kernel
CN116702213A (en) Service system data authority management method, device and equipment for multi-level enterprise
CN113448939A (en) Data archiving and storing method and device and storage medium
CN107422991B (en) Storage strategy management system
CN115098297B (en) Consistent snapshot generation method and system for cloud primary storage data volume
CN112380411B (en) Sensitive word processing method, device, electronic equipment, system and storage medium
CN116303589A (en) Workflow construction method, device, equipment and readable storage medium
CN114254371A (en) Data permission processing method and device and server
CN114706526A (en) Automatic capacity expansion method, system and equipment for cloud native storage data volume
CN113220762A (en) Method, device, processor and storage medium for realizing general record processing of key service field change in big data application

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220928

Address after: 25 Financial Street, Xicheng District, Beijing 100033

Patentee after: CHINA CONSTRUCTION BANK Corp.

Address before: 25 Financial Street, Xicheng District, Beijing 100033

Patentee before: CHINA CONSTRUCTION BANK Corp.

Patentee before: Jianxin Financial Science and Technology Co.,Ltd.

TR01 Transfer of patent right