CN111881475A - Method for selecting role authority based on authority association - Google Patents
- Publication number
- CN111881475A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2458—Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/28—Databases characterised by their database models, e.g. relational or object models
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- Software Systems (AREA)
- Mathematical Physics (AREA)
- Probability & Statistics with Applications (AREA)
- Fuzzy Systems (AREA)
- Computational Linguistics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a method for selecting role authority based on authority association, belonging to the field of information security. When a user role is created, the role authorities are associated with one another. According to the selected role authority and the purpose of the operation, the selected role authority is compared and analyzed against the preset associated authorities and the basic authority, the finally selected role authorities are determined for the user, and the operation is performed. The invention avoids conflicts among the selected role authorities when a user role is created, reduces the steps and time an administrator needs to create a user role, and simplifies the operation process.
Description
Technical Field
The invention relates to the field of information security, in particular to a method for selecting role permission based on permission association.
Background
With the development of the internet, network security attracts more and more attention. For content on a network, sometimes only a few people may view it, and sometimes only some people are allowed to modify it. Management of access rights is therefore an important part of network security. Rights management, as the name implies, means that a user can only access the resources to which he is entitled. In general, enterprise IT administrators are able to define roles for the system and assign roles to users. This is the most common form, role-based access control, i.e. role-based rights management. Many websites also have different user roles, and when creating each user role the administrator needs to consider its permissions, so in a sense the selection of permissions for the different user role categories is the key to creating each user role. At present, each role is created through manual selection by an administrator, and the process is complicated.
Chinese patent application CN202856786U discloses a system for rights management, which comprises a management server, an association server, a rights authentication server, a memory, a log storage device, and an update server. The data in the management server generates associated data through the association server and the associated data is stored in the memory; the rights authentication server performs user authentication through the data in the association server; the data in the management server is updated through the update server, and data changes are stored through the log storage device. The management server comprises a user management server, a role management server, a permission management server and a menu management server. The association server comprises a user role association server, a role authority association server and a role menu association server; the user role association server is connected with the user management server and the role management server, the role management server and the authority management server are connected with the role authority association server, and the role management server and the menu management server are connected with the role menu association server. The system uniformly authorizes a group of users with the same authority, sets role priority during role authorization, and solves the authorization problem of mutually exclusive roles. However, the system only solves the problem of authorizing users in the same group, and does not address mutual exclusion among the role authorities of the same user.
Chinese patent application CN107506658A discloses a method for managing user rights, which comprises the following steps: a database is established in advance, wherein the database comprises a user role association table used for storing the correspondence between users and roles, a role function authority association table used for storing the correspondence between roles and function authorities, and a role data authority association table used for storing the correspondence between roles and data authorities, the function authority being used for determining an executable function and the data authority being used for determining the data allowed to be accessed; querying the user role association table to obtain the roles corresponding to the online user; querying the role function authority association table according to the role corresponding to the online user to verify whether the function requested by the online user can be executed; and, when the function requested by the online user can be executed, querying the role data authority association table according to the role corresponding to the online user to obtain the data authority corresponding to the online user. When the function requested by the online user can be executed, the associated display information in the resource table is extracted according to the function authority corresponding to the requested function. This application discloses a role function authority association table of the correspondence between roles and function authorities, but does not disclose how the association table is generated.
The prior art has at least the following disadvantages:
1. When the user role is created, the association between different authorities is not considered, so that authority conflicts, authorities opened by mistake, or incomplete authorities may occur for the same user.
2. When the user role is created, the authorities need to be selected one by an administrator, and the operation is complex.
Disclosure of Invention
In order to solve the technical problems in the prior art, the invention provides a method for selecting role authority based on authority association. When a role is created, the role authorities are associated with one another. When one role authority is selected, the method automatically judges whether that authority has associated authorities: if so, the associated authorities are automatically selected at the same time; if not, only that authority is selected. This avoids conflicts among the selected role authorities when a user role is created, reduces the steps and time an administrator needs to create a user role, and simplifies the operation process.
The invention provides a method for selecting role authority based on authority association, which comprises the following steps:
S01: presetting the role authorities and the basic authority included in a user management page;
S02: presetting the default associated authorities of each role authority according to the role authorities preset in step S01;
S03: according to the selected role authority and the purpose of the operation, comparing and analyzing the selected role authority against the preset default associated authorities and the basic authority, determining the finally selected role authorities for the user, and performing the operation.
Preferably, the role authorities in step S01 include: viewing, adding, editing, applying, authorizing and deleting authorization.
Preferably, the basic authority is viewing.
Preferably, the default associated authority of the role authority in step S02 is set as follows: adding and editing association, editing and adding disassociation, applying and authorization management, applying and deleting authorization association, deleting authorization and authorization association and authorizing disassociation.
Preferably, determining the finally selected role authority in step S03 includes the following steps:
S031: if the operation is to add the selected role authority, selecting the currently selected authority together with its default associated authorities to obtain the finally selected role authorities, and adding the finally selected role authorities;
S032: if the operation is to cancel the selected role authority, judging whether the currently selected authority is the basic authority: if it is the basic authority, all selected role authorities are cancelled and the process ends;
if not, executing the following steps:
S0321: selecting the default associated authorities of the currently selected authority and removing the basic authority, to obtain the authorities to be cancelled;
S0322: acquiring the default associated authorities of the authorities to be cancelled obtained in step S0321, to obtain the role authorities to be finally cancelled;
S0323: removing the currently selected role authority from the role authorities to be finally cancelled obtained in step S0322, to obtain the finally selected authorities, and cancelling the finally selected authorities.
Preferably, in step S01, the role authorities included in the corresponding user management page are preset according to the user role type.
Preferably, an association table of user role types and authorities is generated according to the user role types.
Compared with the prior art, the invention has the following beneficial effects:
(1) By associating the role authorities when roles are created, the invention selects associated role authorities together and avoids conflicts or incompleteness when role authorities are selected.
(2) The invention realizes the selection of the associated role authorities together by associating the role authorities during the role creation, reduces the steps and time for an administrator to create the roles and simplifies the role creation process.
Drawings
FIG. 1 is a flow chart of a method for selecting role rights based on rights associations according to the present invention.
Detailed Description
The following describes an embodiment of the present invention in detail with reference to FIG. 1.
The invention provides a method for selecting role authority based on authority association, which comprises the following steps:
S01: presetting the role authorities and the basic authority included in a user management page;
S02: presetting the default associated authorities of each role authority according to the role authorities preset in step S01;
S03: according to the selected role authority and the purpose of the operation, comparing and analyzing the selected role authority against the preset default associated authorities and the basic authority, determining the finally selected role authorities for the user, and performing the operation.
As a preferred embodiment, the role authorities in step S01 include: viewing, adding, editing, applying, authorizing and deleting authorization.
As a preferred embodiment, the basic authority is viewing.
As a preferred embodiment, the default associated authority of the role authority in step S02 is set as follows: adding and editing association, editing and adding disassociation, applying and authorization management, applying and deleting authorization association, deleting authorization and authorization association and authorizing disassociation.
As a preferred embodiment, determining the finally selected role authority in step S03 includes the following steps:
S031: if the operation is to add the selected role authority, selecting the currently selected authority together with its default associated authorities to obtain the finally selected role authorities, and adding the finally selected role authorities;
S032: if the operation is to cancel the selected role authority, judging whether the currently selected authority is the basic authority: if it is the basic authority, all selected role authorities are cancelled and the process ends;
if not, executing the following steps:
S0321: selecting the default associated authorities of the currently selected authority and removing the basic authority, to obtain the authorities to be cancelled;
S0322: acquiring the default associated authorities of the authorities to be cancelled obtained in step S0321, to obtain the role authorities to be finally cancelled;
S0323: removing the currently selected role authority from the role authorities to be finally cancelled obtained in step S0322, to obtain the finally selected authorities.
As a preferred embodiment, the role authorities included in the corresponding user management page are preset according to the user role type in step S01.
As a preferred embodiment, an association table of user role types and authorities is generated according to the user role types.
Example 1
According to a specific embodiment of the present invention, the invention provides a method for selecting role authority based on authority association, which comprises the following steps:
S01: presetting the role authorities and the basic authority included in a user management page;
The role authorities in step S01 include: viewing, adding, editing, applying, authorizing and deleting authorization, wherein the basic authority is viewing.
In step S01, the role authorities included in the corresponding user management page are preset according to the user role type. For example, for an ordinary user, the role authorities may include: viewing, editing and applying; for super members, the role authorities may include: viewing, adding, editing and applying.
An association table of user role types and authorities is generated according to the user role types.
S02: presetting the default associated authorities of each role authority according to the role authorities preset in step S01;
The default associated authority of the role authority in step S02 is set as follows: adding and editing association, editing and adding disassociation, applying and authorization management, applying and deleting authorization association, deleting authorization and authorization association and authorizing disassociation.
S03: according to the selected role authority and the purpose of the operation, comparing and analyzing the selected role authority against the preset default associated authorities and the basic authority, determining the finally selected role authorities for the user, and performing the operation.
Determining the finally selected role authority in step S03 includes the following steps:
S031: if the operation is to add the selected role authority, selecting the currently selected authority together with its default associated authorities to obtain the finally selected role authorities, and adding the finally selected role authorities;
S032: if the operation is to cancel the selected role authority, judging whether the currently selected authority is the basic authority: if it is the basic authority, all selected role authorities are cancelled and the process ends;
if not, executing the following steps:
S0321: selecting the default associated authorities of the currently selected authority and removing the basic authority, to obtain the authorities to be cancelled;
S0322: acquiring the default associated authorities of the authorities to be cancelled obtained in step S0321, to obtain the role authorities to be finally cancelled;
S0323: removing the currently selected role authority from the role authorities to be finally cancelled obtained in step S0322, to obtain the finally selected authorities.
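One way to express S01, S02 and the add branch S031 in code, with an audit that flags selections lacking the basic authority or a default associated authority. This is an added example, not code from the patent: the function names are hypothetical, and the `ASSOC` table is an assumed directional reading of the association list in S02 in which every authority also pulls in the basic authority. Associated authorities that are not preset for the role type are left unselected, which is also an assumption.

```python
"""Role authority selection with default associations (added illustration)."""

BASE = "view"  # basic authority (S01)

# S01: the six role authorities named in the description.
ALL_AUTHORITIES = {
    "view", "add", "edit", "apply", "authorize", "delete authorization",
}

# S01: authorities preset per user role type (the two types in Example 1).
ROLE_PAGE = {
    "ordinary user": {"view", "edit", "apply"},
    "super member": {"view", "add", "edit", "apply"},
}

# S02: ASSUMED directional reading of the association list:
# selecting the key also selects the values, not the other way round.
ASSOC = {
    "view": set(),
    "add": {"edit"},
    "edit": set(),
    "apply": {"authorize", "delete authorization"},
    "delete authorization": {"authorize"},
    "authorize": set(),
}


def check_table():
    """Return names used in the tables that are not preset in S01."""
    bad = set(ASSOC) - ALL_AUTHORITIES
    for targets in ASSOC.values():
        bad |= targets - ALL_AUTHORITIES
    for page in ROLE_PAGE.values():
        bad |= page - ALL_AUTHORITIES
    return sorted(bad)


def associated(perm):
    """Default associated authorities of perm, including the basic authority."""
    return ASSOC[perm] | {BASE}


def add_permission(role_type, selected, perm):
    """S031: select perm together with its default associated authorities.

    Assumption: authorities not preset for the role type are never selected,
    so an association cannot widen a role beyond its user management page.
    """
    allowed = ROLE_PAGE[role_type]
    if perm not in allowed:
        raise ValueError(f"{perm!r} is not preset for role type {role_type!r}")
    return set(selected) | (({perm} | associated(perm)) & allowed)


def audit(role_type, selected):
    """List inconsistencies in an existing selection as (authority, reason)."""
    allowed = ROLE_PAGE[role_type]
    findings = []
    for perm in sorted(selected):
        if perm not in allowed:
            findings.append((perm, "not preset for role type"))
            continue
        for missing in sorted((associated(perm) & allowed) - set(selected)):
            findings.append((perm, f"missing associated authority: {missing}"))
    return findings


if __name__ == "__main__":
    print(check_table())
    print(sorted(add_permission("super member", set(), "add")))
    print(sorted(add_permission("ordinary user", set(), "apply")))
    print(audit("super member", {"add"}))
    print(audit("ordinary user", {"view", "authorize"}))
```
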
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.
Claims (7)
1. A method for selecting role authority based on authority association, characterized by comprising the following steps:
S01: presetting the role authorities and the basic authority included in a user management page;
S02: presetting the default associated authorities of each role authority according to the role authorities preset in step S01;
S03: according to the selected role authority and the purpose of the operation, comparing and analyzing the selected role authority against the preset default associated authorities and the basic authority, determining the finally selected role authorities for the user, and performing the operation.
2. The method according to claim 1, wherein the role authorities in step S01 include: viewing, adding, editing, applying, authorizing and deleting authorization.
3. The method of claim 2, wherein the basic authority is viewing.
4. The method according to claim 2, wherein the default associated authority of the role authority in step S02 is set as follows: adding and editing association, editing and adding disassociation, applying and authorization management, applying and deleting authorization association, deleting authorization and authorization association and authorizing disassociation.
5. The method of claim 2, wherein determining the finally selected role authority in step S03 comprises the following steps:
S031: if the operation is to add the selected role authority, selecting the currently selected authority together with its default associated authorities to obtain the finally selected role authorities, and adding the finally selected role authorities;
S032: if the operation is to cancel the selected role authority, judging whether the currently selected authority is the basic authority:
if it is the basic authority, all selected role authorities are cancelled and the process ends;
if not, executing the following steps:
S0321: selecting the default associated authorities of the currently selected authority and removing the basic authority, to obtain the authorities to be cancelled;
S0322: acquiring the default associated authorities of the authorities to be cancelled obtained in step S0321, to obtain the role authorities to be finally cancelled;
S0323: removing the currently selected role authority from the role authorities to be finally cancelled obtained in step S0322, to obtain the finally selected authorities, and cancelling the finally selected authorities.
6. The method according to claim 1, wherein the role authorities included in the corresponding user management page are preset according to the user role type in step S01.
7. The method of claim 6, wherein the association table of user role types and authorities is generated according to the user role types.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010729913.2A CN111881475B (en) | 2020-07-27 | 2020-07-27 | Method for selecting role authority based on authority association |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111881475A (en) | 2020-11-03 |
CN111881475B (en) | 2021-04-16 |
Family
ID=73201558
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010729913.2A Active CN111881475B (en) | 2020-07-27 | 2020-07-27 | Method for selecting role authority based on authority association |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111881475B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN111881475B (en) | 2021-04-16 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||