CN111581634A - Authority management method of budget platform - Google Patents


Publication number
CN111581634A
Authority
CN
China
Prior art keywords
role
user
management server
dynamic
time
Legal status
Granted
Application number
CN202010299967.XA
Other languages
Chinese (zh)
Other versions
CN111581634B (en)
Inventor
朱俊
陆玮
乐慧
程伟伟
肖磊
Current Assignee
Information Center Of Standing Committee Of Shanghai Municipal People's Congress
Original Assignee
Information Center Of Standing Committee Of Shanghai Municipal People's Congress

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45: Structures or tools for the administration of authentication
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00: Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/12: Accounting
    • G06Q40/125: Finance or payroll
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention relates to a method for managing the authority of a budget platform, which uses a static role tree to distribute authority roles for users, and gives dynamic roles to the users through the approval of superior roles when needed, thereby ensuring the safety of the authority distribution of the budget platform and improving the flexibility of the dynamic authority distribution.

Description

Authority management method of budget platform
[ technical field ]
The invention belongs to the field of computers and security management, and particularly relates to a method for managing the authority of a budget platform.
[ background of the invention ]
Budget management is a plan for income and expenditure in a certain period of the future, which is required by group companies, social groups and national institutions, and a corresponding budget platform is established for facilitating budget management along with the development of computer informatization. The existing budget platform is similar to the authority management of a common computer system in the aspect of authority management, namely, a plurality of authorities are defined in advance, then corresponding authorities are given to each user, and after the user logs in, corresponding operation can be carried out based on the authority of the user. However, such a rights management mode is rigid, multiple users often need to operate together to complete a budget task, coordination among the users is required, and errors are prone to occur. If the ordinary user is endowed with excessive authority, the security is reduced. Therefore, there is a need in the art for a secure and efficient method for managing rights of a budget platform.
[ summary of the invention ]
In order to solve the above problems in the prior art, the present invention provides a rights management method for a budget platform.
The technical scheme adopted by the invention is as follows:
A method for managing the authority of a budget platform, wherein the budget platform provides budget data management for multi-level departments and uses an authority management server to provide authority management, the method comprising the following steps:
step 100: the authority management server generates a static role tree with a corresponding structure based on the upper and lower level structures of the multi-level department; the static role tree is a multi-branch tree, and each department corresponds to a role node in the static role tree;
step 200: for each static role, the authority management server gives a corresponding role identifier to the static role according to the position of the static role on the static role tree;
step 300: when a user registers on a budget platform, the authority management server allocates corresponding static roles to the user according to the department to which the user belongs;
step 400: a user x sends a dynamic role allocation request to a user z through a budget platform to request to access data corresponding to a role y, wherein the dynamic role allocation request comprises a role identifier IDx of the user x and a role identifier IDy of the role y;
step 500: the authority management server acquires a role identifier IDz of a user z, and judges whether the role of the user z is a common ancestor node of the role x and the role y on the static role tree according to IDz, IDx and IDy; if not, the dynamic role allocation request is invalid, if so, the dynamic role allocation request is valid, and the subsequent steps are continuously executed;
step 600: a user z logs in a budget platform by using a client, approves the dynamic role allocation request and determines the effective deadline time of the dynamic role;
step 700: the client randomly generates a one-time dynamic role code R and calculates an allocation code H, namely:
H = Hash(IDx, IDy, R, time); wherein, the Hash is a Hash function;
step 800: the client generates a dynamic role allocation response message and sends the dynamic role allocation response message to the authority management server, wherein the dynamic role allocation response message comprises a four-tuple < R, H, time, IDy >, and the authority management server stores the four-tuple;
step 900: the user z informs the user x of the one-time dynamic role code R;
step 1000: a user x logs in a budget platform by using a client and inputs the one-time dynamic role code R;
step 1100: the client of the user x sends the one-time dynamic role code R to the authority management server, and the authority management server queries the corresponding quadruple according to the one-time dynamic role code R, namely: < R, H, time, IDy >; if the corresponding quadruple cannot be found, the client of the user x is informed that the one-time dynamic role code R is invalid, otherwise, the subsequent steps are continuously executed;
step 1200: the authority management server judges whether the one-time dynamic role code R is valid or not according to the time, if the one-time dynamic role code R is invalid, the client side of the user x is informed that the one-time dynamic role code R is invalid, the quadruplet is deleted at the same time, and if the one-time dynamic role code R is valid, the subsequent steps are continuously executed;
step 1300: the authority management server calculates H1 = Hash(IDx, IDy, R, time) and judges whether H1 is equal to H; if H1 is not equal to H, it informs the client of the user x that the one-time dynamic role code R is invalid, and if H1 is equal to H, it gives the dynamic role y to the user x.
Further, when the user x logs out, the authority management server withdraws the allocation of the dynamic role y and deletes the quadruple.
Further, in the step 200, firstly, the role identifier of the root node is set, and the child nodes of each node are numbered; except for the root node, the role identifier of each node is the role identifier of its parent node followed by the node's own child node number.
Further, each role can access the data of the department and the department corresponding to the descendant nodes of the department according to the position of the role in the static role tree.
Further, in step 500, if the dynamic role assignment request is invalid, the rights management server directly deletes the request, and if valid, the rights management server stores the request in the request queue of user z.
Further, after the user z logs in the budget platform, the budget platform pushes a dynamic role allocation request to the client.
Further, R is a character string randomly generated by the client, and is composed of capital letters, lowercase letters and numbers.
Further, the rights management server does not store IDx and IDz in correspondence with the quadruple when storing the quadruple.
Further, user z sends R to user x through a messaging function of the budget platform, or informs user x of R through phone or mail.
Further, the authority management server scans all the quadruples in the database at regular time, and deletes all the failed quadruples based on the time in each quadruple.
The invention has the beneficial effects that: the method and the device improve the flexibility of dynamic authority allocation while ensuring the safety of the authority allocation of the budget platform.
[ description of the drawings ]
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, and are not to be considered limiting of the invention, in which:
FIG. 1 is a basic structure of the budget platform system of the present invention.
FIG. 2 is a static role tree of the present invention.
[ detailed description ] embodiments
The present invention will now be described in detail with reference to the drawings and specific embodiments, wherein the exemplary embodiments and descriptions are provided only for the purpose of illustrating the present invention and are not to be construed as limiting the present invention.
Referring to fig. 1, the basic structure of the budget platform system of the present invention is shown, and since the present invention only relates to the rights management of the budget platform, the basic structure diagram only shows the rights management server of the budget platform, and further includes the client used by the user.
The authority management server is used for managing the authority distribution of the budget platform and is the core server of the invention. The client is a device used for logging in the budget platform by the user, and after the user logs in, the client can be used for carrying out corresponding budget management operation. The client can be a personal computer or mobile equipment such as a smart phone.
The authority management of the invention adopts role distribution management, namely corresponding roles are distributed to different users, and each role has corresponding operation authority.
The allocation of roles is dependent on the application environment of the budget platform. Generally, a company, group or state organization using a budget platform includes multiple levels of departments; for example, the highest level is a corporate headquarters, the next level is branch offices, each of which in turn belongs to multiple headquarters, and so on. In summary, the highest level is defined as the level 1 department, the next level to the highest level is defined as the level 2 department, the next level is defined as the level 3 department, and so on. There are only 1 level 1 department, and there may be 1 or more level other departments. Therefore, a user of the budget platform can be abstracted into a multi-branch tree according to multiple levels of departments, wherein a level 1 department corresponds to a root node of the multi-branch tree (i.e., a level 1 node of the multi-branch tree), each department at level 2 corresponds to one of level 2 nodes of the multi-branch tree (i.e., a child node of the root node), a level 3 department corresponds to one of level 3 nodes of the multi-branch tree (i.e., a child node of the level 2 node), and so on. The connection relationship between the father node and the child node corresponds to the membership relationship between the upper and lower departments.
When a budget is formulated and managed, users in the same department assign the same role, and different departments assign different roles. For example, department a has two users: user A and user B, both user A and user B assign the same role A, while department B has user C, and user C assigns role B. That is, department a may be directly associated with role a, department B may be associated with role B, and since departments may have superior and inferior membership, roles may also have superior and inferior membership accordingly. The role assignment is defined in advance, and is not changed after being defined, so that the role assignment is called as a static role in the invention.
Since each department is assigned a corresponding static role, the department multi-way tree thus constructed actually constitutes the static role tree of the present invention. FIG. 2 illustrates an example of a static role tree of the present invention in which the highest role is role A of the root node, the next level is role B, C, D, role B also has next level role E, F, and role E has next level role G. The role A corresponds to the level 1 department A, has the highest authority and can access all budget data in the budget platform; the role B corresponds to the level 2 department B, and can access the budget data of the department B and also can access the budget data of the lower department E, F, G, besides, the role B cannot access the budget data of other departments; however, the role C has no subordinate department, and can only access the budget data of the department C, and similarly, the role D can only access the budget data of the department D, the role E can only access the budget data of the department E, G, the role F can only access the budget data of the department F, and the role G can only access the budget data of the department G. In summary, each role can access the data of the department and the department corresponding to the subordinate role according to the position of the role in the static role tree.
Thus, when a certain department formulates budget data, the users of the department store the budget data in the budget platform, and the budget platform corresponds the budget data to the role of the user (namely, the role corresponding to the department). The upper department can make a budget on the basis of the budget data of the lower department, so that the role of the upper department can access the budget data of the lower department. In summary, the budget data in the budget platform has its corresponding role, and if a user wants to access a certain budget data, the user either has the role corresponding to the budget data, or the user's role is an ancestor node of the role corresponding to the budget data in the static role tree.
Based on the above system structure and static role tree, the following describes the rights management method of the present invention in detail.
Step 100: the authority management server generates a corresponding static role tree based on the department structure.
For the management of the whole budget platform data and users, a static role tree needs to be generated and stored in the rights management server when the budget platform is initialized. The department structure can be set by a manager of the budget platform, and the authority management server generates a corresponding static role tree according to the hierarchy and the membership of the department.
Step 200: for each static role, the rights management server assigns its corresponding role identifier based on its location on the static role tree.
Specifically, referring to the embodiment shown in fig. 2, the identifier of the static role A of the root node is first set to 0. The child nodes of the root node, namely the branches under the root node, are then numbered; in fig. 2 they are numbered 1, 2 and 3. The identifier of role B is the identifier of role A followed by the branch number of role B, namely 01; similarly, the identifier of role C is 02 and the identifier of role D is 03. Likewise, the branch numbers of the two child nodes of role B are 1 and 2, so the identifier of role E is 011 and the identifier of role F is 012. Similarly, the identifier of role G is 0111.
In summary, except for the root node, the role identifier of each node is the role identifier of its parent node followed by the node's own child node number.
Thus, once the role identifiers of two roles are compared, the relationship between them can be determined, e.g., whether one of the roles is an ancestor node of the other role can be determined. For example, if the identifier of role B is 01, the identifier of role G is 0111, and the first two digits of the identifier of role G are the same as the identifier of role B, then it can be determined that role B is an ancestor node of role G. That is, if the leading portion of one role identifier is the same as another role identifier, it can be determined that the other role is an ancestor node of the role.
The role identifier designed in this way facilitates the judgment of role relationships in the subsequent steps.
Step 300: when the user registers in the budget platform, the authority management server allocates the corresponding static role to the user according to the department to which the user belongs.
The main process of user registration is similar to that of the prior art, namely, a user uses a client to connect a budget platform, and inputs information of a user name, a password, a department to which the user belongs and the like on a registration interface of the budget platform to register, and the budget platform stores relevant registration information of the user to complete registration. The prior art of the specific registration process has already been described, and is not described herein again. The invention is mainly characterized in that the authority management server gives the user a static role corresponding to a department according to the department information input when the user registers. The related information of the user, including the role information, can be stored in the authority management server, so that the follow-up query is facilitated.
After the static role is assigned, the user can perform corresponding budget data management and operation, and as described above, the user can access data corresponding to the role of the department and data corresponding to descendant nodes of the own node in the static role tree.
However, in an actual process, sometimes a user needs to access data across departments, and taking fig. 2 as an example, a user of a role B may need to access data of a role C, and at this time, the user cannot operate by relying on a static role. Thus, the present invention provides a one-time dynamic role assignment.
Let the static role of user x be role x, and suppose user x needs to access the data corresponding to role y, but role x is not an ancestor node of role y on the static role tree, so user x does not have the corresponding access right. In this case, user x needs to send a request to a user z, asking user z to grant user x the authority to access the data of role y. The role z of user z should be a common ancestor node of role x and role y on the static role tree, that is, user z holds the superior authority over both role x and role y and can therefore perform dynamic role allocation and give role y to user x. The role y given to user x in this way is called the dynamic role of user x.
The authority of the dynamic role is one-time, that is, after obtaining the authority to use the role y, the user x can only use the authority at a certain login time, and once the user x logs out of the login, the dynamic role is invalid. The specific dynamic role allocation steps are as follows:
Step 400: a user x sends a dynamic role allocation request to a user z through a budget platform to request to access data corresponding to a role y, wherein the dynamic role allocation request comprises a role identifier IDx of the user x and a role identifier IDy of the role y.
Specifically, the budget platform may set a corresponding dynamic role request function, after a user x logs in the budget platform through a client using a registered user name and password, a target role y and a request target user z may be selected through the function, and then a dynamic role allocation request may be sent to the user z through the budget platform, and if the request is valid, the user z may see the request after logging in the budget platform.
Step 500: the authority management server acquires a role identifier IDz of a user z, and judges whether the role of the user z is a common ancestor node of the role x and the role y on the static role tree according to IDz, IDx and IDy; if not, the dynamic role allocation request is invalid, if so, the dynamic role allocation request is valid, and the subsequent steps are continuously executed.
For the role relationship determination, the role identifier comparison described above may be adopted. Specifically, if IDz is the ancestor node of IDx, the leading portion of IDx should be the same as IDz, and similarly, if IDz is the ancestor node of IDy, the leading portion of IDy should also be the same as IDz. Thus, the rights management server can very conveniently perform the determination step of step 500.
If the dynamic role assignment request is invalid, the right management server can directly delete the request, and if the dynamic role assignment request is valid, the right management server can store the request in a request queue of a user z, so that the user z can see all dynamic role assignment requests in the request queue of the user z after logging in.
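The identifier scheme of step 200 and the prefix check of step 500, as an added example (not code from the patent). It goes one step beyond the description: concatenating child numbers without a separator is only unambiguous while every node has at most 9 children, so the example also shows a separator variant. The function names, the `sep` parameter, the wide sample tree and the choice to treat "ancestor" as a proper ancestor are assumptions.

```python
# Added example: role identifiers as in FIG. 2 and the step 500 check.

# Department tree of FIG. 2: parent -> ordered list of children.
TREE = {"A": ["B", "C", "D"], "B": ["E", "F"], "E": ["G"]}


def assign_ids(tree, root="A", sep=""):
    """Step 200: the root gets "0"; every other node gets its parent's
    identifier followed by its own child number (1-based).
    sep="" is the plain concatenation shown in the description."""
    ids = {root: "0"}
    stack = [root]
    while stack:
        node = stack.pop()
        for number, child in enumerate(tree.get(node, []), start=1):
            ids[child] = f"{ids[node]}{sep}{number}"
            stack.append(child)
    return ids


def is_ancestor(id_a, id_d, sep=""):
    """True if id_a identifies a proper ancestor of id_d.
    Assumption: a role is not its own ancestor. With a separator the
    prefix must end on a segment boundary."""
    if id_a == id_d:
        return False
    return id_d.startswith(id_a + sep)


def request_is_valid(id_z, id_x, id_y, sep=""):
    """Step 500: role z must be a common ancestor of role x and role y."""
    return is_ancestor(id_z, id_x, sep) and is_ancestor(id_z, id_y, sep)


def wide_tree():
    """Constructed sample: a root with 11 children, the first of which
    has one child E. Used to show where plain concatenation breaks."""
    return {"A": [f"D{i}" for i in range(1, 12)], "D1": ["E"]}


if __name__ == "__main__":
    ids = assign_ids(TREE)
    print(ids)                                   # identifiers of FIG. 2
    print(request_is_valid(ids["A"], ids["B"], ids["C"]))  # A approves B -> C

    plain = assign_ids(wide_tree())
    # D11 (11th child of the root) and E (1st child of D1) both become "011",
    # and D1 ("01") looks like an ancestor of its sibling D11.
    print(plain["D11"], plain["E"], is_ancestor(plain["D1"], plain["D11"]))

    dotted = assign_ids(wide_tree(), sep=".")
    print(dotted["D11"], dotted["E"],
          is_ancestor(dotted["D1"], dotted["D11"], sep="."))
```

With the separator, `0.11` and `0.1.1` stay distinct and the sibling is no longer mistaken for a descendant; fixed-width child numbers would achieve the same.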
Step 600: the user z logs in a budget platform by using a client, approves the dynamic role allocation request and determines the effective deadline time of the dynamic role.
Specifically, after a user z logs in a budget platform, the budget platform pushes a dynamic role allocation request to the client, and the user z determines whether to approve the request according to specific conditions.
The assigned dynamic role should have a validity period, so user z needs to determine the validity deadline time of the dynamic role; if user x has not used the dynamic role before that time, the assignment of the dynamic role is invalidated.
Step 700: the client randomly generates a one-time dynamic role code R and calculates an allocation code H, namely:
H = Hash(IDx, IDy, R, time).
wherein, R is a code randomly generated by the client, and can be a character string consisting of capital letters, lowercase letters and numbers due to the subsequent input requirement. The Hash is a Hash function, and any Hash algorithm known in the art, such as SHA-1, MD5, etc., can be used. Thus, the assignment code H actually combines IDx, IDy, R, time to compute a hash value.
Step 800: the client generates a dynamic role allocation response message and sends the dynamic role allocation response message to the authority management server, wherein the dynamic role allocation response message comprises a four-tuple < R, H, time, IDy >, and the four-tuple is stored in the authority management server.
The dynamic role allocation response message is a response to the dynamic role allocation request, and in a specific implementation, the dynamic role allocation response message may carry an identifier corresponding to the dynamic role allocation request, so that the rights management server may identify which dynamic role allocation request the rights management server responds to.
It should be noted that when storing the quadruple, the rights management server does not store IDx and IDz corresponding to the quadruple, which may improve the security of role assignment to some extent.
Step 900: the user z informs the user x of the one-time dynamic role code R.
Specifically, the user z may send R to the user x through a message function of the budget platform, or may notify the user x of R through means outside the platforms such as telephone, email, etc., and the present invention does not limit the specific notification means.
Step 1000: a user x logs in the budget platform by using a client and inputs the one-time dynamic role code R.
Specifically, the one-time dynamic role code R may be input while the user x logs in, or the one-time dynamic role code R may be input again when the user x needs to access the data of the role y after logging in, which depends on a specific system policy, and the present invention is not limited thereto.
Step 1100: the client of the user x sends the one-time dynamic role code R to the authority management server, and the authority management server queries the corresponding quadruple according to the one-time dynamic role code R, namely: < R, H, time, IDy >; if the corresponding quadruple cannot be found, the client of the user x is informed that the one-time dynamic role code R is invalid, otherwise, the subsequent steps are continuously executed.
As previously described, in step 800 the rights management server stores the four-tuple < R, H, time, IDy >, so if R is a legitimate one-time dynamic role code, the rights management server can find the corresponding four-tuple in its own database. If no four-tuple is found, the rights management server can send a message to the client of user x to inform it that the one-time dynamic role code R is invalid.
Step 1200: the authority management server judges whether the one-time dynamic role code R is valid or not according to the time, if the one-time dynamic role code R is invalid, the client side of the user x is informed that the one-time dynamic role code R is invalid, the quadruplet is deleted at the same time, and if the one-time dynamic role code R is valid, the subsequent steps are continuously executed.
As previously mentioned, the time defines the validity deadline of the dynamic role, so the rights management server can determine whether the dynamic role's assignment has failed by comparing the time with the current time. In a specific implementation, the rights management server may also scan all quadruples in the database at regular time, and delete all failed quadruples based on the time in each quadruple.
Step 1300: the authority management server calculates H1 = Hash(IDx, IDy, R, time) and judges whether H1 is equal to H; if H1 is not equal to H, it informs the client of the user x that the one-time dynamic role code R is invalid, and if H1 is equal to H, it gives the dynamic role y to the user x.
Based on the above steps, the right management server can confirm the identity of the user x through the user x logged in by the client, and then can confirm that the user x can obtain the dynamic role y according to the comparison between H1 and H. The dynamic role allocation ensures the security of the system and the flexibility of the system authority.
After obtaining the dynamic role y, the user x temporarily obtains the authority of the role y, and can access the data corresponding to the role y.
Finally, the dynamic role is one-time, so when user x logs off, the rights management server reclaims the assignment of the dynamic role y and deletes the quadruple.
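Steps 700 to 1300 and the logout and timed-scan clean-up, as an added example (not code from the patent). The description allows any hash and names SHA-1 and MD5; this sketch substitutes SHA-256, length-prefixes each hashed field and compares digests in constant time, all of which are assumptions, as are the class name, method names, session identifiers and the injected clock.

```python
# Added example: one-time dynamic role code, steps 700-1300.
import hashlib
import hmac
import secrets
import string
import time

ALPHABET = string.ascii_letters + string.digits  # R: capitals, lowercase, digits


def allocation_code(id_x, id_y, r, deadline):
    """H = Hash(IDx, IDy, R, time). Each field is length-prefixed so that
    ("01", "11") and ("011", "1") never produce the same hash input."""
    h = hashlib.sha256()  # assumption: SHA-256 instead of SHA-1/MD5
    for field in (id_x, id_y, r, str(deadline)):
        data = field.encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()


def approve(id_x, id_y, deadline, length=16):
    """Steps 700-800 on user z's client: build the quadruple <R, H, time, IDy>."""
    r = "".join(secrets.choice(ALPHABET) for _ in range(length))
    return (r, allocation_code(id_x, id_y, r, deadline), deadline, id_y)


class RightsServer:
    def __init__(self, now=time.time):
        self.now = now
        self.quads = {}    # R -> (H, time, IDy); IDx and IDz are not stored
        self.dynamic = {}  # session id -> (R, IDy) currently granted

    def store(self, quad):                      # step 800
        r, h, deadline, id_y = quad
        self.quads[r] = (h, deadline, id_y)

    def redeem(self, session, id_x, r):         # steps 1100-1300
        """id_x is taken from x's authenticated login, not from user input.
        Returns the granted role identifier, or None if R is invalid."""
        entry = self.quads.get(r)
        if entry is None:
            return None                         # step 1100: unknown R
        h, deadline, id_y = entry
        if self.now() > deadline:
            del self.quads[r]                   # step 1200: expired, delete
            return None
        h1 = allocation_code(id_x, id_y, r, deadline)
        if not hmac.compare_digest(h1, h):
            return None                         # step 1300: H1 != H
        self.dynamic[session] = (r, id_y)
        return id_y

    def logout(self, session):
        """Reclaim the dynamic role and delete its quadruple."""
        grant = self.dynamic.pop(session, None)
        if grant:
            self.quads.pop(grant[0], None)

    def sweep(self):
        """Timed scan: delete every quadruple whose deadline has passed."""
        expired = [r for r, (_, d, _) in self.quads.items() if self.now() > d]
        for r in expired:
            del self.quads[r]
        return len(expired)


def demo():
    clock = [1_000]                             # constructed clock, in seconds
    server = RightsServer(now=lambda: clock[0])
    quad = approve("01", "02", deadline=2_000)  # z lets role B (01) use role C (02)
    server.store(quad)
    out = {"wrong_role": server.redeem("s-F", "012", quad[0]),
           "right_role": server.redeem("s-B", "01", quad[0])}
    server.logout("s-B")
    out["after_logout"] = server.redeem("s-B", "01", quad[0])
    late = approve("01", "03", deadline=1_500)
    server.store(late)
    clock[0] = 1_600
    out["expired"] = server.redeem("s-B", "01", late[0])
    out["remaining"] = len(server.quads)
    return out


if __name__ == "__main__":
    print(demo())
```

Because IDx is a role identifier and users of the same department share a role, H binds the code R to role x rather than to one individual user.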
The above description is only a preferred embodiment of the present invention, and all equivalent changes or modifications of the structure, characteristics and principles described in the present invention are included in the scope of the present invention.

Claims (10)

1. A method for managing the authority of a budget platform is characterized in that the budget platform provides budget data management for a plurality of levels of departments and provides authority management by using an authority management server, and the method comprises the following steps:
step 100: the authority management server generates a static role tree with a corresponding structure based on the upper and lower level structures of the multi-level department; the static role tree is a multi-branch tree, and each department corresponds to a role node in the static role tree;
step 200: for each static role, the authority management server gives a corresponding role identifier to the static role according to the position of the static role on the static role tree;
step 300: when a user registers on a budget platform, the authority management server allocates corresponding static roles to the user according to the department to which the user belongs;
step 400: a user x sends a dynamic role allocation request to a user z through a budget platform to request to access data corresponding to a role y, wherein the dynamic role allocation request comprises a role identifier IDx of the user x and a role identifier IDy of the role y;
step 500: the authority management server acquires a role identifier IDz of a user z, and judges whether the role of the user z is a common ancestor node of the role x and the role y on the static role tree according to IDz, IDx and IDy; if not, the dynamic role allocation request is invalid, if so, the dynamic role allocation request is valid, and the subsequent steps are continuously executed;
step 600: a user z logs in a budget platform by using a client, approves the dynamic role allocation request and determines the effective deadline time of the dynamic role;
step 700: the client randomly generates a one-time dynamic role code R and calculates an allocation code H, namely:
H = Hash(IDx, IDy, R, time); wherein, the Hash is a Hash function;
step 800: the client generates a dynamic role allocation response message and sends the dynamic role allocation response message to the authority management server, wherein the dynamic role allocation response message comprises a four-tuple < R, H, time, IDy >, and the authority management server stores the four-tuple;
step 900: the user z informs the user x of the one-time dynamic role code R;
step 1000: a user x logs in a budget platform by using a client and inputs the one-time dynamic role code R;
step 1100: the client of the user x sends the one-time dynamic role code R to the authority management server, and the authority management server queries the corresponding quadruple according to the one-time dynamic role code R, namely: <R, H, time, IDy>; if no corresponding quadruple is found, the client of the user x is informed that the one-time dynamic role code R is invalid; otherwise, the subsequent steps are executed;
step 1200: the authority management server judges whether the one-time dynamic role code R is still valid according to the time; if it is no longer valid, the client of the user x is informed that the one-time dynamic role code R is invalid and the quadruple is deleted at the same time; if it is valid, the subsequent steps are executed;
step 1300: the authority management server calculates H1 = Hash(IDx, IDy, R, time) and judges whether H1 is equal to H; if H1 is not equal to H, it informs the client of the user x that the one-time dynamic role code R is invalid, and if H1 is equal to H, it gives the dynamic role y to the user x.
2. The method of claim 1, wherein when user x logs off, the rights management server reclaims the assignment of dynamic role y and deletes the quadruple.
3. The method according to any one of claims 1-2, wherein in step 200, the role identifier of the root node is set first, and the child nodes of each node are numbered; except for the root node, the role identifier of each node is formed by appending that node's child number to the role identifier of its parent node.
4. The method of any one of claims 1-3, wherein each role has access to data for the department and its descendant nodes based on its position in the static role tree.
5. The method according to any of claims 1-4, wherein in step 500, if the dynamic role assignment request is invalid, the rights management server directly deletes the request, and if valid, the rights management server stores the request in the request queue of user z.
6. The method of claim 1, wherein after the user z logs in the budget platform, the budget platform pushes a dynamic role allocation request to the client.
7. The method of claim 1, wherein R is a character string randomly generated by the client and composed of capital letters, lowercase letters and numbers.
8. The method of claim 1, wherein the rights management server does not store IDx and IDz in correspondence with the quadruple when storing the quadruple.
9. The method of claim 1, wherein user z sends R to user x through a messaging function of the budget platform or informs user x of R through a phone call or mail.
10. The method of claim 1, wherein the rights management server periodically scans all quadruples in the database and deletes all failed quadruples based on the time in each quadruple.
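The following sketch is an added example, not code from the patent; it walks steps 500 and 700-1300 to show that the stored quadruple carries no IDx yet the code R only redeems for the requester bound into H. Assumptions: claim-3 identifiers are written with dot-separated child numbers (for example "0.1.2"), a common ancestor is a proper prefix, Hash is SHA-256 over a JSON list, R is 16 characters long, and all function and class names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # claim 7: letters and digits


def is_common_ancestor(idz, idx, idy):
    """Step 500: with claim-3 identifiers, an ancestor is a proper prefix."""
    z = idz.split(".")
    return all(len(z) < len(n) and n[:len(z)] == z
               for n in (idx.split("."), idy.split(".")))


def allocation_code(idx, idy, r, deadline):
    """H = Hash(IDx, IDy, R, time); SHA-256 over a JSON list (assumed encoding)."""
    return hashlib.sha256(json.dumps([idx, idy, r, deadline]).encode()).hexdigest()


def approve(idx, idy, deadline, length=16):
    """Steps 600-800 on user z's client: returns the quadruple <R, H, time, IDy>."""
    r = "".join(secrets.choice(ALPHABET) for _ in range(length))
    return r, allocation_code(idx, idy, r, deadline), deadline, idy


class AuthorityServer:
    def __init__(self):
        self.quads = {}    # R -> (H, time, IDy); IDx and IDz are not kept (claim 8)
        self.dynamic = {}  # IDx -> set of dynamic roles currently granted

    def store(self, r, h, deadline, idy):
        self.quads[r] = (h, deadline, idy)

    def redeem(self, idx, r, now):
        """Steps 1100-1300, run when user x submits R."""
        quad = self.quads.get(r)
        if quad is None:
            return "invalid: unknown code"
        h, deadline, idy = quad
        if now > deadline:
            del self.quads[r]          # step 1200 deletes the expired quadruple
            return "invalid: expired"
        h1 = allocation_code(idx, idy, r, deadline)
        if not hmac.compare_digest(h1, h):
            return "invalid: hash mismatch"   # R presented under another IDx
        self.dynamic.setdefault(idx, set()).add(idy)
        return "granted"
```

The deadline and the current time are passed as plain integers (for example epoch seconds) so the flow can be replayed deterministically.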
CN202010299967.XA 2020-04-16 2020-04-16 Authority management method of budget platform Active CN111581634B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010299967.XA CN111581634B (en) 2020-04-16 2020-04-16 Authority management method of budget platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010299967.XA CN111581634B (en) 2020-04-16 2020-04-16 Authority management method of budget platform

Publications (2)

Publication Number Publication Date
CN111581634A CN111581634A (en) 2020-08-25
CN111581634B CN111581634B (en) 2021-01-26

Family

ID=72111576

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010299967.XA Active CN111581634B (en) 2020-04-16 2020-04-16 Authority management method of budget platform

Country Status (1)

Country Link
CN (1) CN111581634B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1885297A (en) * 2006-06-02 2006-12-27 石杰 Method for role-based access control model with precise access control strategy
CN103516680A (en) * 2012-06-25 2014-01-15 上海博腾信息科技有限公司 Authority management system of office system and realizing method thereof
CN104392159A (en) * 2014-12-17 2015-03-04 中国人民解放军国防科学技术大学 User on-demand authorization method capable of supporting least privilege
CN105303084A (en) * 2015-09-24 2016-02-03 北京奇虎科技有限公司 Privilege management system and method
CN109344601A (en) * 2018-10-11 2019-02-15 四川大学 A kind of role-security access control method and system
CN109948350A (en) * 2019-01-18 2019-06-28 深圳市万睿智能科技有限公司 A kind of hierarchical organization structure account authority distributing method and its system and storage medium
CN110750780A (en) * 2019-10-16 2020-02-04 北京微星优财网络科技有限公司 User role permission fusion method, device and equipment based on multi-service system

Also Published As

Publication number Publication date
CN111581634B (en) 2021-01-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant