CN111881427A - Authorization method and device in railway engineering management system - Google Patents

Publication number
CN111881427A
Authority
CN
China
Prior art keywords
railway engineering
authority
project organization
role
engineering project
Legal status
Granted
Application number
CN202010586047.6A
Other languages
Chinese (zh)
Other versions
CN111881427B (en)
Inventor
王同军
王万齐
解亚龙
尹逊霄
李慧
刘北胜
常晓东
梁策
贺晓玲
刘延宏
索宁
王江
郭晓翠
郭芳
邵磐
王坤
王学强
巩赛
王超
钱进
鲍榴
郝蕊
王荣波
张敬涵
牛宏睿
Current Assignee
China Academy of Railway Sciences Corp Ltd CARS
Institute of Computing Technologies of CARS
Beijing Jingwei Information Technology Co Ltd
Original Assignee
China Academy of Railway Sciences Corp Ltd CARS
Institute of Computing Technologies of CARS
Beijing Jingwei Information Technology Co Ltd
Application filed by China Academy of Railway Sciences Corp Ltd CARS, Institute of Computing Technologies of CARS, Beijing Jingwei Information Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/45 Structures or tools for the administration of authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Train Traffic Observation, Control, And Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiment of the invention provides an authorization method and an authorization device in a railway engineering management system, wherein the method comprises the steps of abstracting available pages and interfaces in the railway engineering management system into IT resources, and adding transferable attributes and authorized attributes to the IT resources, wherein the transferable attributes are used for representing that the IT resources can be transferred, and the authorized attributes are used for representing that the IT resources can be authorized; creating a new railway engineering project organization in the railway engineering management system, organizing the IT resources into resource packets according to the requirements of the new railway engineering project organization, and sending the resource packets to the new railway engineering project organization; and assigning a permission management role for the new railway engineering project organization, and adding permission to the permission management role. The embodiment of the invention enables the resources/authorities in the railway engineering management system to be distributed step by step.

Description

Authorization method and device in railway engineering management system
Technical Field
The invention relates to the technical field of railway engineering, in particular to an authorization method and an authorization device in a railway engineering management system.
Background
Most information management systems implement authentication and authorization of users, and RBAC (Role Based Access Control) is one of the most common rights management technologies in business systems. In RBAC, permissions are associated with roles, and users gain the permissions of the appropriate roles by becoming members of those roles. In an organization, roles are created to accomplish various tasks, and users are assigned corresponding roles according to their responsibilities and qualifications, and users can be easily assigned from one role to another. Roles can be given new permissions according to new requirements and system combination, and permissions can be recovered from a role according to needs.
However, this mode cannot meet the authority management requirements of the railway engineering management platform:
The railway engineering management platform provides unified deployment and centralized management of railway engineering construction information systems. The units using the platform include the China railway head office engineering management center, each railway engineering construction unit, the units participating in the design, construction, supervision, consultation and the like of railway engineering construction, and each operation and maintenance unit, so the platform is a multi-tenant system.
In the RBAC mode, user authority is uniformly assigned by a system administrator. Project organizations in the railway engineering management platform are complex and changeable, and temporary cross-company project organizations can be established at any time, so the system administrator cannot know which authority should be given to which user.
The authority of project organizations in the railway engineering management platform needs to be authorized step by step, but the RBAC mode is a traditional assignment mechanism for the users of a single organization: it has no concept of resource package distribution and does not implement a mechanism for transferring authority between project organizations.
Generally, user operation authority in an IT system is transferred step by step from an upper-level organization to a lower-level organization, so the authority owned by the upper-level organization is greater than or equal to that of the lower-level organization. In the railway engineering management platform, however, the operation authority of a project organization is greater than that of its upper-level organization, because the upper-level organization only has monitoring authority while the lower-level organization has a large number of operation authorities.
Disclosure of Invention
Embodiments of the present invention provide an authorization method and apparatus in a railway engineering management system that overcomes or at least partially solves the above-mentioned problems.
In a first aspect, an embodiment of the present invention provides an authorization method in a railway engineering management system, including:
abstracting available pages and interfaces in a railway engineering management system into IT resources, and adding transferable attributes and authorized attributes to the IT resources, wherein the transferable attributes are used for representing that the IT resources can be transferred, and the authorized attributes are used for representing that the IT resources can be authorized;
creating a new railway engineering project organization in the railway engineering management system, organizing the IT resources into resource packets according to the requirements of the new railway engineering project organization, and sending the resource packets to the new railway engineering project organization;
assigning a rights management role for the new railway engineering project organization, and adding the following rights to the rights management role:
the authority for reorganizing the resource package sent to the railway engineering project organization;
the authority to create a subordinate project organization of the railway engineering project organization;
the authority to create the authority management role of the subordinate project organization; and
the authority to distribute the resource package to the subordinate project organization.
Further, the assigning a rights management role for the new railroad engineering project organization further comprises:
assigning an authority use role for the new railway engineering project organization;
correspondingly, the authorization method in the railway engineering management system further comprises the following steps:
adding, to the authority management role, the authority to distribute the resource package to the authority use role of the railway engineering project organization.
Further, the authorization method in the railway engineering management system further comprises:
adding the following rights to the rights management role:
the authority to grant its current authority to the authority management roles of other railway engineering project organizations.
Further, the authorization method in the railway engineering management system further comprises the following steps:
for any authority management role, acquiring other railway engineering project organizations of the upper level or the lower level of the railway engineering project organization where the authority management role is located;
and informing the authority management roles of the other railway engineering project organizations.
In a second aspect, an embodiment of the present invention provides an authorization apparatus in a railway engineering management system, including:
the resource attribute module is used for abstracting available pages and interfaces in the railway engineering management system into IT resources and adding transferable attributes and authorized attributes to the IT resources, wherein the transferable attributes are used for representing that the IT resources can be transferred, and the authorized attributes are used for representing that the IT resources can be authorized;
the organization creating module is used for creating a new railway engineering project organization in the railway engineering management system, organizing the IT resources into a resource packet according to the requirement of the new railway engineering project organization and sending the resource packet to the new railway engineering project organization;
the role creating module is used for assigning a permission management role for the new railway engineering project organization, and adding the following permissions to the permission management role:
the authority for reorganizing the resource package sent to the railway engineering project organization;
the authority to create a subordinate project organization of the railway engineering project organization;
the authority to create the authority management role of the subordinate project organization; and
the authority to distribute the resource package to the subordinate project organization.
Further, the role creation module is further configured to:
assigning an authority use role for the new railway engineering project organization;
correspondingly, the authorization device in the railway engineering management system further comprises:
the authority distribution module is used for adding, to the authority management role, the authority to distribute the resource package to the authority use role of the railway engineering project organization in which the authority management role is located.
Further, the authorization device in the railway engineering management system further comprises:
a cross-organization assignment module for adding the following rights to the rights management role:
the authority to grant its current authority to the authority management roles of other railway engineering project organizations.
Further, the authorization device in the railway engineering management system further comprises:
the organization acquisition module is used for acquiring other railway engineering project organizations at the upper level or the lower level of the railway engineering project organization where the authority management role is located for any authority management role;
and the informing module is used for informing the authority management roles of other railway engineering project organizations.
In a third aspect, an embodiment of the present invention provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and the processor implements the steps of the method provided in the first aspect when executing the program.
In a fourth aspect, an embodiment of the present invention provides a non-transitory computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements the steps of the method as provided in the first aspect.
The authorization method and the authorization device in the railway engineering management system provided by the embodiment of the invention assign an authority management role to the railway engineering project organization. The authority management role is the role in the railway engineering project organization that can transfer IT resources and authorize IT resources. In particular, it has the authority to reorganize the resource package sent to the railway engineering project organization, which means that the resource package distributed to the organization can be split and recombined, so that when a subordinate project organization is created, the recombined resource package can be issued to it. Further, hierarchical authorization is achieved based on the authority to create the authority management role of the subordinate project organization, and multi-level transfer of resource packages is achieved based on the authority to distribute the resource package to the subordinate project organization. Because the railway engineering project organization at each level can perform authorization and pass resource packages to the railway engineering project organization at the next level, the resources/authorities in the railway engineering management system can be distributed step by step.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
Fig. 1 is a flow chart illustrating an authorization method in a railway engineering management system according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of an authorization device in a railway engineering management system according to an embodiment of the present invention;
Fig. 3 is a schematic physical structure diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic flow chart of an authorization method in a railway engineering management system according to an embodiment of the present invention, as shown in fig. 1, including the following steps:
S101, abstracting the available pages and interfaces in a railway engineering management system into IT (information technology) resources, and adding a transferable attribute and an authorized attribute to the IT resources, wherein the transferable attribute is used for representing that the IT resource can be transferred, and the authorized attribute is used for representing that the IT resource can be authorized.
It should be noted that the types and the number of available pages and interfaces in the railway engineering management system are very large. The available pages are the web pages that a user can see after logging in to the railway engineering management system, that is, web pages that present functions in page form through a visualization technology. Different users see different available pages, and different available pages present different content.
The interface, i.e. the API interface, is a predefined function or a convention for linking different components of the system. Its goal is to give applications and developers the ability to access a set of routines based on certain software or hardware without having to access the source code or understand the details of the internal workings.
The embodiment of the invention abstracts the available pages and interfaces into IT resources and adds two attributes, a transferable attribute and an authorized attribute. When the transferable attribute is assigned to an IT resource, the IT resource can be transferred to other roles in the system; when the authorized attribute is assigned to an IT resource, the IT resource can be used by other roles at the same time.
S102, creating a new railway engineering project organization in the railway engineering management system, organizing the IT resources into a resource packet according to the requirements of the new railway engineering project organization, and sending the resource packet to the new railway engineering project organization.
After step S101 is executed, a new railway engineering project organization can be created. A railway engineering project organization is a group set up for a railway engineering project; the group has many roles, and each natural person in actual railway engineering construction corresponds to at least one role. Different railway engineering projects need different IT resources, so the embodiment of the invention organizes the IT resources into a resource package according to the requirements of the railway engineering project organization and sends the resource package to the railway engineering project organization.
S103, assigning a permission management role for the new railway engineering project organization, and adding the following permissions to the permission management role:
the authority for reorganizing the resource package sent to the railway engineering project organization;
the authority to create a subordinate project organization of the railway engineering project organization;
the authority to create the authority management role of the subordinate project organization; and
the authority to distribute the resource package to the subordinate project organization.
The embodiment of the invention assigns an authority management role to the railway engineering project organization. The authority management role is the role in the railway engineering project organization that can transfer IT resources and authorize IT resources. In particular, it has the authority to reorganize the resource package sent to the railway engineering project organization, which means that the resource package distributed to the organization can be split and recombined, so that when a subordinate project organization is created, the recombined resource package can be issued to it. Further, hierarchical authorization is achieved based on the authority to create the authority management role of the subordinate project organization, and multi-level transfer of resource packages is achieved based on the authority to distribute the resource package to the subordinate project organization. Because the railway engineering project organization at each level can perform authorization and pass resource packages to the railway engineering project organization at the next level, the resources/authorities in the railway engineering management system can be distributed step by step.
On the basis of the above embodiments, as an optional embodiment, the assigning a rights management role to the new railway engineering project organization further includes assigning a rights usage role to the new railway engineering project organization.
It should be noted that the authority use role is defined relative to the authority management role: it is a role that only uses IT resources and has no authority to transfer or authorize them. By designating two kinds of authority roles in the railway engineering project organization, the embodiment of the invention enriches the personnel architecture of the management system.
Further, the authorization method in the railway engineering management system according to the embodiment of the present invention further includes: adding, to the authority management role, the authority to distribute the resource package to the authority use role of the railway engineering project organization.
The authority management role in each railway engineering project organization in the embodiment of the invention can allocate the resource packet to the authority use role of the same organization. After the authority use role of the project organization is distributed with the resource packet, the menu of the corresponding function can be seen on the corresponding page, and corresponding operation is carried out.
On the basis of the foregoing embodiments, as an optional embodiment, the method for authorization in a railway engineering management system further includes:
adding the following rights to the rights management role:
the authority to grant its current authority to the authority management roles of other railway engineering project organizations.
It should be noted that, in the embodiment of the present invention, by adding the above-mentioned authority to the authority management role, it is possible to implement issuing a resource package across project organizations. Because one lower level project organization in the railway engineering management system can have a plurality of upper level project organizations, the embodiment of the invention can realize the requirement that the resource authority of the lower level organization is more than that of a single upper level.
On the basis of the above embodiments, the embodiments of the present invention further include:
for any authority management role, acquiring other railway engineering project organizations of the upper level or the lower level of the railway engineering project organization where the authority management role is located;
and informing the authority management roles of the other railway engineering project organizations.
By informing the authority management role of a railway engineering project organization of the authority management roles of its upper-level or lower-level railway engineering project organizations, the embodiment of the invention facilitates cross-organization authorization by the authority management role.
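An added example, not taken from the patent, sketching steps S101 to S103 and the optional cross-organization right in Python. The class and method names, the sample resources and users, and the reading that the transferable attribute gates distribution between organizations while the authorized attribute gates grants to use roles are all assumptions.

```python
from dataclasses import dataclass, field


class AuthorizationError(Exception):
    """Raised when a delegation or grant exceeds the actor's authority."""


@dataclass(frozen=True)
class ITResource:
    name: str           # page or API interface abstracted as a resource (S101)
    transferable: bool  # assumed: may be passed to another project organization
    authorizable: bool  # assumed: may be granted to an authority use role


@dataclass
class Organization:
    name: str
    parent: str = None                          # organization that created this one
    holdings: set = field(default_factory=set)  # resource names received in packages
    managers: set = field(default_factory=set)  # users in the authority management role
    cross_org: bool = False                     # optional cross-organization right
    grants: dict = field(default_factory=dict)  # use-role user -> resource names


class AuthzSystem:
    def __init__(self, catalog):
        self.catalog = {r.name: r for r in catalog}
        self.orgs = {}

    def create_root(self, name, package, manager, cross_org=False):
        """S102/S103 as done by the platform for a top-level organization."""
        unknown = set(package) - self.catalog.keys()
        if unknown:
            raise AuthorizationError(f"unknown resources: {sorted(unknown)}")
        self.orgs[name] = Organization(name, holdings=set(package),
                                       managers={manager}, cross_org=cross_org)

    def _managed(self, actor, org_name):
        org = self.orgs[org_name]
        if actor not in org.managers:
            raise AuthorizationError(f"{actor} does not manage {org_name}")
        return org

    def create_suborg(self, actor, parent, name, manager):
        """Create a subordinate organization together with its management role."""
        self._managed(actor, parent)
        if name in self.orgs:  # never let a caller take over an existing organization
            raise AuthorizationError(f"{name} already exists")
        self.orgs[name] = Organization(name, parent=parent, managers={manager})

    def distribute(self, actor, src, dst, package):
        """Reorganize part of src's holdings into a package and send it to dst."""
        source, target = self._managed(actor, src), self.orgs[dst]
        if target.parent != src and not source.cross_org:
            raise AuthorizationError(f"{dst} is not subordinate to {src}")
        for name in package:
            if name not in source.holdings:
                raise AuthorizationError(f"{src} does not hold {name}")
            if not self.catalog[name].transferable:
                raise AuthorizationError(f"{name} is not transferable")
        target.holdings |= set(package)  # assumed: the sender keeps its own holdings

    def grant_use(self, actor, org_name, user, package):
        """Allocate resources to an authority use role inside the same organization."""
        org = self._managed(actor, org_name)
        for name in package:
            if name not in org.holdings or not self.catalog[name].authorizable:
                raise AuthorizationError(f"{name} cannot be granted in {org_name}")
        org.grants.setdefault(user, set()).update(package)

    def can_access(self, user, org_name, resource):
        return resource in self.orgs[org_name].grants.get(user, set())


def denied(call, *args):
    """Return True when the call is rejected with AuthorizationError."""
    try:
        call(*args)
    except AuthorizationError:
        return True
    return False


def demo():
    # Constructed catalog, organizations and users; none of these names come from the patent.
    s = AuthzSystem([
        ITResource("page:progress-dashboard", True, True),
        ITResource("api:quality-inspection", True, True),
        ITResource("api:contract-ledger", False, True),
        ITResource("page:safety-monitor", True, True),
    ])
    s.create_root("construction-unit", ["page:progress-dashboard",
                  "api:quality-inspection", "api:contract-ledger"], "alice")
    s.create_root("supervision-unit", ["page:safety-monitor"], "carol", cross_org=True)
    s.create_suborg("alice", "construction-unit", "section-1", "bob")
    s.distribute("alice", "construction-unit", "section-1",
                 ["page:progress-dashboard", "api:quality-inspection"])
    s.distribute("carol", "supervision-unit", "section-1", ["page:safety-monitor"])
    s.grant_use("bob", "section-1", "dave", ["api:quality-inspection", "page:safety-monitor"])
    return {
        "section_holdings": s.orgs["section-1"].holdings,
        "dave_inspect": s.can_access("dave", "section-1", "api:quality-inspection"),
        "non_transferable": denied(s.distribute, "alice", "construction-unit",
                                   "section-1", ["api:contract-ledger"]),
        "not_held": denied(s.grant_use, "bob", "section-1", "dave", ["api:contract-ledger"]),
        "not_manager": denied(s.create_suborg, "dave", "section-1", "crew-a", "dave"),
        "not_subordinate": denied(s.distribute, "alice", "construction-unit",
                                  "supervision-unit", ["page:progress-dashboard"]),
    }
```

In the constructed scenario, section-1 ends up holding a resource its creating organization never had, which is the "lower level holds more than a single upper level" case; every grant is still bounded by what the sending organization itself holds.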
Fig. 2 is a schematic structural diagram of an authorization device in a railway engineering management system according to an embodiment of the present invention, and as shown in fig. 2, the authorization device in the railway engineering management system includes:
the resource attribute module 201 is used for abstracting available pages and interfaces in the railway engineering management system into IT resources, and adding transferable attributes and authorized attributes to the IT resources, wherein the transferable attributes are used for representing that the IT resources can be transferred, and the authorized attributes are used for representing that the IT resources can be authorized;
the organization creating module 202 is configured to create a new railway engineering project organization in the railway engineering management system, organize the IT resources into a resource package according to the requirement of the new railway engineering project organization, and send the resource package to the new railway engineering project organization;
the role creating module 203 is configured to assign a rights management role for the new railway engineering project organization, and add the following rights to the rights management role:
the authority for reorganizing the resource package sent to the railway engineering project organization;
the authority to create a subordinate project organization of the railway engineering project organization;
the authority to create the authority management role of the subordinate project organization; and
the authority to distribute the resource package to the subordinate project organization.
The authorization device in the railway engineering management system provided in the embodiment of the present invention specifically executes the process of the above method embodiment; for details, refer to the description of the authorization method embodiment, which is not repeated here. The authorization device assigns an authority management role to the railway engineering project organization. The authority management role is the role in the railway engineering project organization that can transfer IT resources and authorize IT resources. Specifically, it has the authority to reorganize the resource package sent to the railway engineering project organization, which means that the resource package distributed to the organization can be split and recombined, so that when a subordinate project organization is created, the recombined resource package can be issued to it. Further, hierarchical authorization is achieved based on the authority to create the authority management role of the subordinate project organization, and multi-level transfer of resource packages is achieved based on the authority to distribute the resource package to the subordinate project organization. Because the railway engineering project organization at each level can perform authorization and pass resource packages to the railway engineering project organization at the next level, the resources/authorities in the railway engineering management system can be distributed step by step.
Further, the role creation module is further configured to:
assigning an authority use role for the new railway engineering project organization;
correspondingly, the authorization device in the railway engineering management system further comprises:
the authority distribution module is used for adding, to the authority management role, the authority to distribute the resource package to the authority use role of the railway engineering project organization in which the authority management role is located.
On the basis of the foregoing embodiments, as an optional embodiment, the authorization apparatus in the railway engineering management system further includes:
a cross-organization assignment module for adding the following rights to the rights management role:
the authority to grant its current authority to the authority management roles of other railway engineering project organizations.
On the basis of the foregoing embodiments, as an optional embodiment, the authorization apparatus in the railway engineering management system further includes:
the organization acquisition module is used for acquiring other railway engineering project organizations at the upper level or the lower level of the railway engineering project organization where the authority management role is located for any authority management role;
a notifying module for notifying the authority management role of the other railway engineering project organization.
Fig. 3 is a schematic physical structure diagram of an electronic device according to an embodiment of the present invention. As shown in Fig. 3, the electronic device may include: a processor 310, a communication interface 320, a memory 330 and a communication bus 340, wherein the processor 310, the communication interface 320 and the memory 330 communicate with each other via the communication bus 340. The processor 310 may invoke a computer program stored in the memory 330 and executable on the processor 310 to perform the authorization method in the railway engineering management system provided by the above embodiments, for example, including: abstracting available pages and interfaces in a railway engineering management system into IT resources, and adding transferable attributes and authorized attributes to the IT resources, wherein the transferable attributes are used for representing that the IT resources can be transferred, and the authorized attributes are used for representing that the IT resources can be authorized; creating a new railway engineering project organization in the railway engineering management system, organizing the IT resources into resource packages according to the requirements of the new railway engineering project organization, and sending the resource packages to the new railway engineering project organization; assigning an authority management role to the new railway engineering project organization, and adding the following authorities to the authority management role: the authority to reorganize the resource package sent to the railway engineering project organization; the authority to create a subordinate project organization of the railway engineering project organization; the authority to create the authority management role of the subordinate project organization; and the authority to distribute the resource package to the subordinate project organization.
In addition, the logic instructions in the memory 330 may be implemented in the form of software functional units and, when sold or used as independent products, stored in a computer-readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present invention, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program code.
An embodiment of the present invention further provides a non-transitory computer-readable storage medium on which a computer program is stored, where the computer program, when executed by a processor, performs the authorization method in a railway engineering management system provided in the foregoing embodiments, for example, including: abstracting available pages and interfaces in a railway engineering management system into IT resources, and adding transferable attributes and authorized attributes to the IT resources, wherein the transferable attributes are used for representing that the IT resources can be transferred, and the authorized attributes are used for representing that the IT resources can be authorized; creating a new railway engineering project organization in the railway engineering management system, organizing the IT resources into resource packages according to the requirements of the new railway engineering project organization, and sending the resource packages to the new railway engineering project organization; assigning an authority management role to the new railway engineering project organization, and adding the following authorities to the authority management role: the authority to reorganize the resource package sent to the railway engineering project organization; the authority to create a subordinate project organization of the railway engineering project organization; the authority to create the authority management role of the subordinate project organization; and the authority to distribute the resource package to the subordinate project organization.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
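An added illustration, not code from the patent: a minimal Python model of the delegation flow described above (and recited in claims 1 and 2), in which every hand-off is checked against the package the acting organization actually holds. The class and function names, the reading of the transferable attribute as gating hand-down to a subordinate organization and of the authorized attribute as gating grants to the use role, and the sample resources are all assumptions.

```python
from dataclasses import dataclass, field

class Denied(Exception): pass   # a delegation step exceeded the caller's authority

@dataclass(frozen=True)
class ITResource:
    name: str            # a page or interface abstracted as an IT resource
    transferable: bool   # assumption: may be passed down to another organization
    authorizable: bool   # assumption: may be granted to the use role

@dataclass
class Org:
    name: str
    package: frozenset = frozenset()              # resource package received
    admins: set = field(default_factory=set)      # holders of the rights management role
    use_grants: set = field(default_factory=set)  # resources granted to the use role
    parent: "Org | None" = None
    children: list = field(default_factory=list)

def _check(org, actor, resources, flag):
    """Common guard: caller is a rights manager, request is inside the package, flag is set."""
    if actor not in org.admins:
        raise Denied(f"{actor} is not a rights manager of {org.name}")
    wanted = frozenset(resources)
    if not wanted <= org.package:
        raise Denied("request exceeds the package held by " + org.name)
    blocked = sorted(r.name for r in wanted if not getattr(r, flag))
    if blocked:
        raise Denied(f"not {flag}: {blocked}")
    return wanted

def create_subordinate(org, actor, name, child_admin, resources):
    """Create a subordinate org, its rights manager, and hand it a regrouped package."""
    wanted = _check(org, actor, resources, "transferable")
    child = Org(name, package=wanted, admins={child_admin}, parent=org)
    org.children.append(child)
    return child

def grant_to_use_role(org, actor, resources):
    """Distribute package resources to the organization's use role."""
    org.use_grants |= _check(org, actor, resources, "authorizable")

def demo():
    # Constructed sample data, not taken from the patent.
    sched = ITResource("/page/schedule", True, True)
    audit = ITResource("/api/audit-export", False, True)
    root = Org("HQ", package=frozenset({sched, audit}), admins={"alice"})
    sub = create_subordinate(root, "alice", "Section-1", "bob", [sched])
    grant_to_use_role(sub, "bob", [sched])
    outcomes = []
    for attempt in (lambda: create_subordinate(root, "alice", "S2", "carol", [audit]),
                    lambda: grant_to_use_role(sub, "bob", [audit]),
                    lambda: create_subordinate(sub, "mallory", "S3", "dave", [sched])):
        try:
            attempt()
            outcomes.append("allowed")
        except Denied as exc:
            outcomes.append(str(exc))
    return sub, outcomes
```

Calling `demo()` returns the subordinate organization and the refusal reason for each of the three out-of-bounds attempts: a non-transferable resource, a resource outside the held package, and a caller without the rights management role.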

Claims (10)

1. An authorization method in a railway engineering management system, comprising:
abstracting available pages and interfaces in a railway engineering management system into IT resources, and adding a transferable attribute and an authorized attribute to the IT resources, wherein the transferable attribute indicates that an IT resource can be transferred, and the authorized attribute indicates that an IT resource can be authorized;
creating a new railway engineering project organization in the railway engineering management system, organizing the IT resources into a resource package according to the requirements of the new railway engineering project organization, and sending the resource package to the new railway engineering project organization;
assigning a rights management role to the new railway engineering project organization, and adding the following rights to the rights management role:
the right to reorganize the resource package sent to the railway engineering project organization;
the right to create a subordinate project organization of the railway engineering project organization;
the right to create the rights management role of the subordinate project organization; and
the right to distribute the resource package to the subordinate project organization.
2. The method of claim 1, wherein assigning a rights management role to the new railway engineering project organization further comprises:
assigning a rights use role to the new railway engineering project organization;
correspondingly, the authorization method in the railway engineering management system further comprises:
adding, to the rights management role, the right to distribute the resource package to the rights use role of the railway engineering project organization.
3. The method of authorization in a railway engineering management system of claim 1, further comprising:
adding the following rights to the rights management role:
the right to grant its current rights to the rights management roles of other railway engineering project organizations.
4. The method of authorization in a railway engineering management system of claim 3, further comprising:
for any rights management role, acquiring the other railway engineering project organizations at the level above or below the railway engineering project organization in which the rights management role is located; and
notifying the rights management roles of the other railway engineering project organizations.
5. An authorization device in a railway engineering management system, comprising:
a resource attribute module, configured to abstract available pages and interfaces in the railway engineering management system into IT resources and to add a transferable attribute and an authorized attribute to the IT resources, wherein the transferable attribute indicates that an IT resource can be transferred, and the authorized attribute indicates that an IT resource can be authorized;
an organization creating module, configured to create a new railway engineering project organization in the railway engineering management system, organize the IT resources into a resource package according to the requirements of the new railway engineering project organization, and send the resource package to the new railway engineering project organization;
a role creating module, configured to assign a rights management role to the new railway engineering project organization, and to add the following rights to the rights management role:
the right to reorganize the resource package sent to the railway engineering project organization;
the right to create a subordinate project organization of the railway engineering project organization;
the right to create the rights management role of the subordinate project organization; and
the right to distribute the resource package to the subordinate project organization.
6. The device of claim 5, wherein the role creating module is further configured to:
assign a rights use role to the new railway engineering project organization;
correspondingly, the authorization device in the railway engineering management system further comprises:
a rights distribution module, configured to add, to the rights management role, the right to distribute the resource package to the rights use role of the railway engineering project organization.
7. The authorization device in a railway engineering management system of claim 5, further comprising:
a cross-organization assignment module, configured to add the following right to the rights management role:
the right to grant its current rights to the rights management roles of other railway engineering project organizations.
8. The authorization device in a railway engineering management system of claim 7, further comprising:
an organization acquisition module, configured to acquire, for any rights management role, the other railway engineering project organizations at the level above or below the railway engineering project organization in which the rights management role is located; and
a notification module, configured to notify the rights management roles of the other railway engineering project organizations.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor when executing the program performs the steps of the authorization method in the railway engineering management system according to any one of claims 1 to 4.
10. A non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the authorization method in the railway engineering management system according to any one of claims 1 to 4.
CN202010586047.6A 2020-05-13 2020-06-23 Authorization method and device in railway engineering management system Active CN111881427B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2020104032308 2020-05-13
CN202010403230 2020-05-13

Publications (2)

Publication Number Publication Date
CN111881427A true CN111881427A (en) 2020-11-03
CN111881427B CN111881427B (en) 2024-05-28

Family

ID=73156906

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010586047.6A Active CN111881427B (en) 2020-05-13 2020-06-23 Authorization method and device in railway engineering management system

Country Status (1)

Country Link
CN (1) CN111881427B (en)


Patent Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070240231A1 (en) * 2006-03-29 2007-10-11 Haswarey Bashir A Managing objects in a role based access control system
US20070283443A1 (en) * 2006-05-30 2007-12-06 Microsoft Corporation Translating role-based access control policy to resource authorization policy
CN101478398A (en) * 2009-01-07 2009-07-08 中国人民解放军信息工程大学 Authorization management system oriented to resource management and establishing method
CN102053969A (en) * 2009-10-28 2011-05-11 上海宝信软件股份有限公司 Web ERP (enterprise resource planning) user right management system
CN101951377A (en) * 2010-09-21 2011-01-19 用友软件股份有限公司 Hierarchical authorization management method and device
CN102457377A (en) * 2011-08-08 2012-05-16 中标软件有限公司 Role-based web remote authentication and authorization method and system thereof
CN103890773A (en) * 2011-10-21 2014-06-25 国际商业机器公司 Role engineering scoping and management
US20130104046A1 (en) * 2011-10-21 2013-04-25 International Business Machines Corporation Role Engineering Scoping and Management
CN102761551A (en) * 2012-07-09 2012-10-31 郑州信大捷安信息技术股份有限公司 System and method for multilevel cross-domain access control
CN103605916A (en) * 2013-12-06 2014-02-26 山东高速信息工程有限公司 RBAC (Role-Based policies Access Control) accessing control model based on organization
CN105787317A (en) * 2016-03-23 2016-07-20 中国电力科学研究院 Permission control method based on multi-layer hierarchy system
CN105956833A (en) * 2016-06-12 2016-09-21 中国十七冶集团有限公司 Road construction enterprise application cloud platform and use method
CN106570656A (en) * 2016-11-11 2017-04-19 南京南瑞继保电气有限公司 hierarchical authorization
CN106453395A (en) * 2016-11-16 2017-02-22 航天信息股份有限公司 Hierarchical management method and system for cloud platform resource access authorities

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
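DAVID F FERRAIOLO et al.: "A role-based access control model and reference implementation within a corporate intranet", ACM TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY, vol. 2, no. 1, 1 February 1999 (1999-02-01), XP058222904, DOI: 10.1145/300830.300834 *
蒋富伟; 黄勤; 刘益良; 李楠: "Role-based cross distributed authorization strategy in e-government", Information Security and Communications Privacy, no. 06, 28 June 2006 (2006-06-28) *
郝文育, 蔡宗琰, 王宁生: "Application of role-based access control in ERP systems", Mechanical Science and Technology, no. 09, 30 September 2004 (2004-09-30) *
郭歌; 王万齐; 刘北胜: "Research on the architecture of a railway engineering management platform for industry cloud", Journal of Beijing Jiaotong University, no. 02 *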

Also Published As

Publication number Publication date
CN111881427B (en) 2024-05-28


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant