CN112364336A - Unified authority management method, device, equipment and computer readable storage medium for database - Google Patents


Info

Publication number
CN112364336A
Authority
CN
China
Prior art keywords
user
application system
platform application
unified
platform
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011294851.3A
Other languages
Chinese (zh)
Inventor
樊宇鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Aerospace Smart City System Technology Co ltd
Original Assignee
Shenzhen Aerospace Smart City System Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Aerospace Smart City System Technology Co ltd
Priority to CN202011294851.3A
Publication of CN112364336A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G06F21/44 Program or device authentication
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The application relates to the field of databases and provides a unified rights management method, device, equipment and computer-readable storage medium for databases, so as to achieve unified, isolated, non-intrusive and highly responsive rights management. The method comprises: connecting a platform application system to the platform in a plug-and-play manner; performing unified authentication of the users of the platform application system, so that a user accesses it only after unified authentication has passed; if unified authentication of a user succeeds, applying unified rights management to that user so as to grant the user's permissions for accessing the platform application system; and uniformly managing user access to the platform application system in the background through a pre-designed management mode. The technical solution of the application thereby achieves unified, isolated, non-intrusive and highly responsive rights management.

Description

Unified authority management method, device, equipment and computer readable storage medium for database
Technical Field
The present invention relates to the field of databases, and in particular to a unified rights management method, apparatus, device and computer-readable storage medium for a database.
Background
At present, rights management built on relational, non-relational and document databases is able to meet the rights management requirements between various systems. In the prior art a control table is typically modelled in a relational database and comprises five parts, among them group rights management, role rights management, user rights management and organization management. Group rights management comprises four parts: the user, the role the user belongs to, the group's rights resources and the group's total rights resources. Role rights management comprises three parts: the user, the group and the role's rights. User rights management comprises five parts: the role the user belongs to, the group the user belongs to, the user's rights, the user's total rights resources and organization management. Organization management manages the organization to which a user belongs, displays it as a tree, and provides functions such as adding, deleting, modifying and querying. User rights are controlled by performing table join operations across this table structure.
However, this conventional rights management system uses a relational database structure and evaluates every controlled object individually and in an intrusive way; it supports only a single way of connecting, and when there are many levels of rights the performance loss is severe and the data becomes redundant, complicated and unmaintainable. This makes complex rights relationships hard to analyse and leaves the security problem of weak rights unsolved.
Disclosure of Invention
The application provides a unified rights management method, device, equipment and computer-readable storage medium for a database, so as to achieve unified, isolated, non-intrusive and highly responsive rights management.
In one aspect, the present application provides a unified rights management method for a database, comprising:
connecting a platform application system to the platform in a plug-and-play manner;
performing unified authentication of the users of the platform application system, so that a user accesses the platform application system only after unified authentication has passed;
if unified authentication of a user of the platform application system succeeds, performing unified rights management for that user so as to grant the user's permissions for accessing the platform application system; and
uniformly managing user access to the platform application system in the background through a pre-designed management mode.
In another aspect, the present application provides a unified rights management device for a database, comprising:
an access module, configured to connect the platform application system to the platform in a plug-and-play manner;
an authentication module, configured to perform unified authentication of the users of the platform application system, so that a user accesses the platform application system only after unified authentication has passed;
a rights management module, configured to perform unified rights management for a user if unified authentication of that user succeeds, so as to grant the user's permissions for accessing the platform application system; and
a service management module, configured to uniformly manage user access to the platform application system in the background through a pre-designed management mode.
In a third aspect, the present application provides an apparatus comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the method according to the above technical solution when executing the computer program.
In a fourth aspect, the present application provides a computer-readable storage medium, in which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the method according to the above-mentioned solution.
According to the technical solution provided by the application, users of the platform application system are authenticated uniformly and access the platform application system only after unified authentication has passed; if unified authentication of a user succeeds, unified rights management is applied to the user to grant the permissions for accessing the platform application system; and user access to the platform application system is managed uniformly in the background through a pre-designed management mode. Compared with the prior art, the solution has the following advantages: the underlying implementation logic of each application need not be considered; scalability and fault tolerance are high and technology selection is flexible; unified authentication and its related processing concern only the corresponding modules, and other services need not be involved, so development is efficient and the cycle is short; the underlying code of an existing system need not be modified, and only its rights data needs to be connected, giving high scalability and portability; all request data passes through a single gateway entrance, which filters and intercepts invalid requests; and the tree-shaped data structure can be displayed through the presentation layer.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flowchart of a unified rights management method for a database according to an embodiment of the present application;
FIG. 2 is a schematic diagram of mapping a unified identity of a user to a user account of a different platform application system according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a hierarchical management and hierarchical authorization schema provided by an embodiment of the present application;
fig. 4 is a schematic structural diagram of a unified rights management apparatus for a database according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of an apparatus provided in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In this specification, adjectives such as first and second may only be used to distinguish one element or action from another, without necessarily requiring or implying any actual such relationship or order. References to an element or component or step (etc.) should not be construed as limited to only one of the element, component, or step, but rather to one or more of the element, component, or step, etc., where the context permits.
In the present specification, the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The application provides a unified rights management method for a database which, as shown in fig. 1, mainly comprises steps S101 to S104, detailed below:
Step S101: connecting the platform application system to the platform in a plug-and-play manner.
It should be noted that in the embodiment of the present application the platform application system refers to an application system connected to the background of a unified identity management system (i.e. the platform). Specifically, connecting the platform application system to the platform in a plug-and-play manner may be: using a plug-in integration mode, the Single Sign-On (SSO) authentication service and the platform application system interactively verify user information, and a platform application system that passes verification is connected to the platform. Connecting in a plug-and-play manner means that an existing B/S or C/S platform application system can be used after simple configuration without any modification, which effectively addresses the implementation difficulty of other current SSO solutions. In the embodiment of the present application the plug-and-play SSO is a tightly coupled mode: it provides several Application Programming Interfaces (APIs), and single sign-on is implemented by calling those APIs. Further, the security of the data transmitted during single sign-on can be ensured by a secure channel.
Because platform application systems are diverse and, in the embodiment of the present application, connect to the unified identity management system (the platform), some preparation is needed before a platform application system is connected. The above embodiment therefore further comprises, before connecting the platform application system to the platform: importing the user information of the platform application system, retiring the platform application system's previous login method, and standardizing or unifying the login entry to the platform. User information is imported beforehand so that unified user information is collected and initialized, which is the precondition for integrated authentication. Retiring the previous login method and standardizing or unifying the login entry means that each platform application system's original login method must be withdrawn, and each system must be developed and modified accordingly to the interface specification of unified authentication. There is, however, no uniform requirement for where each platform application system keeps its rights management data: each system may either hand its rights management data over to the unified identity management system or keep its original rights management mode for processing that data.
It should be noted that, to ensure data consistency across the whole system and prevent data conflicts, in the embodiment of the present application, once the unified identity management system is enabled it prohibits every platform application system connected to it from entering user data.
Step S102: and uniformly authenticating the users of the platform application system so as to access the platform application system after the uniform authentication is passed.
As an embodiment of the present application, performing unified authentication on a user of a platform application system to access the platform application system after the unified authentication is passed may be implemented by the following steps S1021 and S1022:
step S1021: and authenticating users with different identification types in the platform application system as users with uniform identifications.
In the embodiment of the application, the identification types held by the user can be divided into a digital certificate and a non-digital certificate, namely the user can be a digital certificate user and a non-digital certificate user, the platform user certificate serial number is unique for the digital certificate user, and the platform user pass (passport) is unique for the non-digital certificate user; both the platform user certificate serial number and the platform user pass can be authenticated as a unified identity, i.e., users holding different identity types can be authenticated as users having a unified identity.
Step S1022: and mapping the unified identification of the user to user accounts of different platform application systems so as to access the corresponding platform application systems by using the mapped user accounts.
As shown in fig. 2, after the users with different identifier types in the platform application systems are authenticated as users with uniform identifiers, the uniform identifiers of the users may be further mapped to user accounts of different platform application systems, so that the mapped user accounts may be used to access the corresponding platform application systems.
Through the operations of step S1021 and step S1022 in the above embodiment, it is obvious that, on one hand, a user can access multiple platform application systems through SSO only by logging in once, and does not need to log in each platform application system one by one, and the user name and password of each platform application system may be different, however, when implementing single sign-on, it is not necessary to modify each platform application system; on the other hand, when one platform application system needs to be added, only the mapping relation between the unified identification (namely the platform user certificate serial number or the platform user pass) and the user account of the added platform service system needs to be added, so that the problems of user cross and different user accounts among different platform application systems during login authentication are solved.
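The following is an added example illustrating steps S1021 and S1022 together with the data-consistency rule above; it is not code from the patent, and the class names, identifier formats, application names and sample users are assumptions constructed for the illustration. Both identifier types (certificate serial number, platform user pass) are normalised into one unified identifier, the identifier is mapped to a per-application account, a missing mapping fails closed, adding an application adds only mapping rows, and a connected application system is refused as a source of user data once the platform is enabled.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from enum import Enum


class IdType(Enum):
    CERT_SERIAL = "cert"   # digital certificate user: platform user certificate serial number
    PASSPORT = "pass"      # non-certificate user: platform user pass (passport)


@dataclass(frozen=True)
class UnifiedId:
    """Unified identifier (S1021): one key regardless of which identifier type was presented."""
    kind: IdType
    value: str

    def key(self) -> str:
        return f"{self.kind.value}:{self.value}"


class UnifiedIdentityService:
    """Hypothetical unified identity management system ('the platform'); all names are assumed."""

    def __init__(self) -> None:
        # unified id key -> {application system name -> local user account}
        self._mapping: dict[str, dict[str, str]] = {}
        self._enabled = False

    def enable(self) -> None:
        """Once enabled, connected application systems may no longer enter user data."""
        self._enabled = True

    @staticmethod
    def authenticate(id_type: IdType, presented: str) -> UnifiedId:
        """S1021: validate the presented identifier of either type and normalise it.
        The formats are assumptions for the example: certificate serials are hex strings,
        passports are short printable tokens. Anything else is rejected."""
        presented = presented.strip()
        if id_type is IdType.CERT_SERIAL:
            if not re.fullmatch(r"[0-9A-Fa-f]{8,40}", presented):
                raise ValueError("malformed certificate serial number")
            return UnifiedId(id_type, presented.lower())
        if not re.fullmatch(r"[A-Za-z0-9_.@-]{4,64}", presented):
            raise ValueError("malformed platform user pass")
        return UnifiedId(id_type, presented)

    def import_users(self, source: str, rows: list[tuple[UnifiedId, str, str]]) -> int:
        """Preparation step: import (unified id, application, local account) rows.
        After enable(), only the platform itself may enter user data; an application
        system as source is refused (the data-consistency rule in the description)."""
        if self._enabled and source != "platform":
            raise PermissionError(f"{source}: user data entry is prohibited once unified IdM is enabled")
        for uid, app, account in rows:
            self._mapping.setdefault(uid.key(), {})[app] = account
        return len(rows)

    def add_application(self, app: str, accounts: dict[UnifiedId, str]) -> None:
        """Adding an application system only adds mapping entries; nothing else changes."""
        for uid, account in accounts.items():
            self._mapping.setdefault(uid.key(), {})[app] = account

    def resolve(self, uid: UnifiedId, app: str) -> str:
        """S1022: map the unified identifier to the user's account in one application system.
        A user without a mapping for that application is refused (fail closed)."""
        account = self._mapping.get(uid.key(), {}).get(app)
        if account is None:
            raise PermissionError(f"no account mapped for {uid.key()} in {app}")
        return account


def demo() -> dict[str, str]:
    """Constructed walk-through: two users, two existing systems, one system added later."""
    svc = UnifiedIdentityService()
    alice = svc.authenticate(IdType.CERT_SERIAL, "0A1B2C3D4E5F")   # certificate user
    bob = svc.authenticate(IdType.PASSPORT, "bob.liu")              # non-certificate user
    svc.import_users("platform", [
        (alice, "oa", "alice.w"), (alice, "erp", "awang"), (bob, "oa", "liub"),
    ])
    svc.enable()
    svc.add_application("crm", {alice: "a.wang", bob: "b.liu"})
    return {
        "alice@oa": svc.resolve(alice, "oa"),
        "alice@erp": svc.resolve(alice, "erp"),
        "bob@crm": svc.resolve(bob, "crm"),
    }
```

The point worth keeping from the example is that the unified identifier, not the per-application user name, is the only key the platform trusts: the application account is derived from it, never supplied by the caller, so the "overlapping users" problem cannot reappear through a crafted login request.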
Step S103: and if the unified authentication of the user of the platform application system is successful, carrying out unified authority management on the user so as to grant the authority of the user for accessing the platform application system.
In consideration of the permission granted to the user to access the platform application system, the basis is the unified management of the user, and for the user newly registered in the user information base, the role, the access permission to the platform application system and the operation permission to the platform application system can be distributed to the user in an automatic authorization or manual authorization mode, so that the authorization of the user to access the platform application system is completed; if the user is deleted in the user information base, the corresponding authorization information is also deleted. As an embodiment of the present application, if the unified authentication of the user of the platform application system is successful, the unified authority management is performed on the user, so as to grant the authority of the user to access the platform application system, which is implemented by the following steps S1031 and S1032, and the following description is provided:
step S1031: and setting authorization information for the user according to the user information of the user, wherein the authorization information comprises the role assigned by the user and the authority corresponding to the role.
In the embodiment of the present application, the user information of the user includes registration information of the user, changed content of the user information, logout information of the user, and the like. Through the authority management system, the user information of the newly added (or cancelled) user is automatically acquired, and the default authority and the role are automatically allocated (or deleted) for the user according to the setting, and of course, an administrator can adjust the batch authorization of the user corresponding to the role or directly adjust the authorization of a single user based on the role. It should be noted that the authorization information may be recorded in a user attribute certificate or a user information base, such as a relational database, a Lightweight Directory Access Protocol (LDAP) Directory service, and so on.
Step S1032: and when the user after the unified authentication is passed logs in the platform application system, checking the authorization information set for the user and sending the authorization information to the platform application system.
When the user after the unified authentication is logged in the platform application system, the validity of the authorization information set for the user can be checked, and meanwhile, the authorization information can be sent to the platform application system. If the authorization information meets the authority requirement of the platform application system, corresponding operation is allowed to be carried out on the platform application system, otherwise, the platform application system refuses to carry out related operation. Furthermore, operation information and authorization information generated when a user accesses the platform application system can be recorded in the log, so that the log can be subjected to auditing work such as inquiry, statistics and analysis according to information such as date, address, user and/or resource, and the auditing result can be displayed to an administrator in a form of a chart through a Web page.
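The following is an added example of steps S1031 and S1032; it is not code from the patent. The role catalogue, application names, operations and the rule that a role removed from the catalogue invalidates an authorization are assumptions made for the illustration. It shows authorization information following the user-information events (registration assigns the default role, cancellation deletes the authorization), an administrator adjusting a single user or a batch of users by role, the validity check at login that hands the permission set to the application, the application-side decision, and an audit log queryable by date, address, user and resource.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timezone

# Assumed role catalogue: role -> {application system -> allowed operations}.
# The patent names no concrete roles or operations; these are constructed.
ROLE_CATALOGUE: dict[str, dict[str, set[str]]] = {
    "staff":   {"oa": {"read"}},
    "manager": {"oa": {"read", "approve"}, "erp": {"read"}},
}
DEFAULT_ROLE = "staff"


@dataclass
class Authorization:
    """Authorization information (S1031): assigned roles and the permissions they carry."""
    roles: set[str] = field(default_factory=set)

    def permissions(self, app: str) -> set[str]:
        perms: set[str] = set()
        for role in self.roles:
            perms |= ROLE_CATALOGUE.get(role, {}).get(app, set())
        return perms


class RightsManager:
    """Hypothetical rights management system; the user information base is a dict here."""

    def __init__(self) -> None:
        self._auth: dict[str, Authorization] = {}
        self.audit_log: list[dict] = []

    # --- S1031: authorization information follows the user information events ---
    def on_user_event(self, user: str, event: str) -> None:
        if event == "register":          # new user: default role assigned automatically
            self._auth[user] = Authorization({DEFAULT_ROLE})
        elif event == "cancel":          # user deleted: authorization deleted with it
            self._auth.pop(user, None)
        else:
            raise ValueError(f"unknown user event {event!r}")

    def set_roles(self, user: str, roles: set[str]) -> None:
        """Administrator adjustment of a single user's roles; unknown roles are refused."""
        unknown = set(roles) - set(ROLE_CATALOGUE)
        if unknown:
            raise ValueError(f"roles not in catalogue: {sorted(unknown)}")
        if user not in self._auth:
            raise KeyError(f"{user} is not a managed user")
        self._auth[user].roles = set(roles)

    def batch_add_role(self, users: list[str], role: str) -> int:
        """Batch authorization: give every listed user one additional role."""
        for u in users:
            self.set_roles(u, self._auth[u].roles | {role})
        return len(users)

    # --- S1032: at login, check validity and hand the authorization to the application ---
    def login(self, user: str, app: str) -> set[str] | None:
        """Permission set to send to the application, or None when the user has no valid
        authorization (unknown/cancelled user, or only roles no longer in the catalogue)."""
        auth = self._auth.get(user)
        if auth is None or not (auth.roles & set(ROLE_CATALOGUE)):
            return None
        return auth.permissions(app)

    def authorize(self, user: str, app: str, operation: str, address: str,
                  when: datetime | None = None) -> bool:
        """Decision the application system makes with the delivered authorization,
        recorded in the audit log with date, address, user and resource."""
        perms = self.login(user, app)
        allowed = perms is not None and operation in perms
        self.audit_log.append({
            "date": (when or datetime.now(timezone.utc)).date().isoformat(),
            "address": address, "user": user,
            "resource": f"{app}:{operation}", "allowed": allowed,
        })
        return allowed

    def audit(self, **filters) -> list[dict]:
        """Query the log by any combination of date, address, user, resource, allowed."""
        return [e for e in self.audit_log if all(e.get(k) == v for k, v in filters.items())]
```

Note that the refusal path is logged exactly like the success path; an audit that only records granted operations cannot show the probing that precedes a successful privilege abuse.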
Step S104: and uniformly managing the user access platform application system in the background through a pre-designed management mode.
As an embodiment of the present application, through a pre-designed management mode, unified management of the user access platform application system in the background can be implemented through steps S1041 to S1043, which are described as follows:
step S1041: and providing a data batch operation interface for a user.
In the embodiment of the application, user data such as user identity information and the like are collected by each platform application system, and the platform provides a data batch operation interface for a user, so that batch operations such as import, export and migration of the user data can be performed, for example, import and export of a user data EXCEL table are adopted, so that the requirement of maintenance of a large number of users is met.
Step S1042: and setting an administrator role, and endowing management responsibilities and tasks for the administrator role according to a hierarchical management and/or authorization mode.
In the embodiment of the application, the administrator roles may be divided into a system administrator role, a security auditor role, and an entity administrator role, where the system administrator role is mainly responsible for daily administration such as entity administrator administration, organization administration, role administration, and application system administration, the security auditor role is mainly responsible for performing work such as security audit, log administration, and monitoring work of the system administrator, and the like, and the entity administrator role authorizes an end user mainly according to an access role of the entity defined by the system administrator.
After the various administrator roles are set, administrator roles and tasks can be given to the administrator roles according to a hierarchical management and/or authorization mode, specifically, as shown in fig. 3, an administrator of an office unit is responsible for user information management and system-level authorization management of the office unit, an administrator of a lower unit is responsible for user information management and system-level authorization management of the office unit and the lower unit, and the administrator of the office unit and the administrator of the lower unit perform organization information management, user information management, authorization management, certificate management and security audit on the respective units; the authority of the unit administrator is uniformly distributed by a primary uniform authentication management system administrator, and the data synchronization is realized through the information synchronization service.
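The following is an added example of the hierarchical management and authorization mode of step S1042; it is not code from the patent. The organization tree, the administrator names, the action names per administrator role and the set of entity access roles are assumptions constructed for the illustration. It shows the separation of duties between the three administrator roles (the auditor monitors but cannot grant, the system administrator defines roles but does not authorize end users) and the unit scoping of an entity administrator, who may only authorize users in their own unit or a subordinate one, and only with roles the system administrator has defined.

```python
from __future__ import annotations

from dataclasses import dataclass

# Constructed organization tree (unit -> parent unit); the patent names no units.
ORG_PARENT: dict[str, str | None] = {
    "hq": None, "dept_a": "hq", "team_a1": "dept_a", "dept_b": "hq",
}

# Entity access roles defined by the system administrator; constructed for the example.
DEFINED_ROLES: set[str] = {"staff", "manager"}

SYSTEM_ADMIN = "system_admin"
SECURITY_AUDITOR = "security_auditor"
ENTITY_ADMIN = "entity_admin"

# Actions each administrator role may perform; only the entity administrator is unit-scoped.
ROLE_ACTIONS: dict[str, set[str]] = {
    SYSTEM_ADMIN:     {"manage_entity_admins", "manage_orgs", "manage_roles", "manage_apps"},
    SECURITY_AUDITOR: {"read_audit_log", "manage_logs", "monitor_system_admin"},
    ENTITY_ADMIN:     {"manage_users", "authorize_user", "manage_certs", "audit_unit"},
}


@dataclass(frozen=True)
class Administrator:
    name: str
    role: str
    unit: str | None = None   # management scope; required for entity administrators


def is_within(unit: str, scope: str) -> bool:
    """True if `unit` is `scope` itself or one of its subordinate units."""
    cur: str | None = unit
    while cur is not None:
        if cur == scope:
            return True
        cur = ORG_PARENT.get(cur)   # an unknown unit falls off the tree and is refused
    return False


def may(admin: Administrator, action: str, target_unit: str | None = None) -> bool:
    """Hierarchical management check: the action must belong to the administrator's role,
    and a unit-scoped action must target the administrator's own unit or one below it."""
    if action not in ROLE_ACTIONS.get(admin.role, set()):
        return False
    if admin.role == ENTITY_ADMIN:
        return (admin.unit is not None and target_unit is not None
                and is_within(target_unit, admin.unit))
    return True


def authorize_end_user(admin: Administrator, user_unit: str, role: str) -> bool:
    """An entity administrator authorizes end users only inside their scope and only with
    roles the system administrator defined. Returns whether the grant is accepted."""
    return may(admin, "authorize_user", user_unit) and role in DEFINED_ROLES
```

A practical check on such a scheme is that no single role can both define a role and assign it to an end user; here that property follows from ROLE_ACTIONS having disjoint action sets.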
Step S1043: and carrying out safety management on the account information of the user.
Specifically, the security management of the account information of the user mainly includes resetting the user account password and setting the password to be changed when the user logs in next time after the user is reset.
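The following is an added example of the reset-then-change-at-next-login behaviour of step S1043; it is not code from the patent, which specifies no hashing scheme, password length or delivery method. The PBKDF2 parameters, the minimum length and the class and method names are assumptions made for the illustration. An administrator reset replaces the old password with a random temporary one and flags the account; the temporary password authenticates but yields no session until the user changes it, and the temporary password is dead after the change.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass

PBKDF2_ITERATIONS = 200_000   # assumed parameter; the patent specifies no hashing scheme
MIN_PASSWORD_LEN = 12          # assumed policy


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


@dataclass
class AccountRecord:
    salt: bytes
    digest: bytes
    must_change: bool = False   # set by an administrator reset, cleared by a successful change


class AccountSecurity:
    """Hypothetical account security manager for step S1043; all names are assumptions."""

    def __init__(self) -> None:
        self._accounts: dict[str, AccountRecord] = {}

    def create(self, user: str, password: str) -> None:
        self._set_password(user, password, must_change=False)

    def _set_password(self, user: str, password: str, must_change: bool) -> None:
        salt = os.urandom(16)   # fresh salt on every change, including resets
        self._accounts[user] = AccountRecord(salt, _derive(password, salt), must_change)

    def _verify(self, user: str, password: str) -> bool:
        rec = self._accounts.get(user)
        if rec is None:
            _derive(password, b"\x00" * 16)   # equalise timing for unknown users
            return False
        return hmac.compare_digest(rec.digest, _derive(password, rec.salt))

    def admin_reset(self, user: str) -> str:
        """Administrator reset: a random temporary password replaces the old one and the
        account is flagged so the user must change it at the next login. The temporary
        password is returned for out-of-band delivery and is never stored in clear."""
        if user not in self._accounts:
            raise KeyError(f"unknown user {user}")
        temp = secrets.token_urlsafe(12)
        self._set_password(user, temp, must_change=True)
        return temp

    def login(self, user: str, password: str) -> str:
        """Returns 'ok', 'change_required' or 'denied'. A flagged account authenticates
        but gets no session until change_password() succeeds."""
        if not self._verify(user, password):
            return "denied"
        return "change_required" if self._accounts[user].must_change else "ok"

    def change_password(self, user: str, current: str, new: str) -> bool:
        """Requires the current (possibly temporary) password; refuses short or reused ones."""
        if not self._verify(user, current):
            return False
        if len(new) < MIN_PASSWORD_LEN or new == current:
            return False
        self._set_password(user, new, must_change=False)
        return True
```

The flag must live with the credential record rather than in the session, so that a temporary password intercepted in transit cannot be turned into a working session by simply skipping the change step.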
As can be seen from the unified rights management method for a database illustrated in fig. 1, users of the platform application system are authenticated uniformly and access the platform application system only after unified authentication has passed; if unified authentication of a user succeeds, unified rights management is applied to grant the user's permissions for accessing the platform application system; and user access to the platform application system is managed uniformly in the background through a pre-designed management mode. Compared with the prior art, the solution has the following advantages: the underlying implementation logic of each application need not be considered; scalability and fault tolerance are high and technology selection is flexible; unified authentication and its related processing concern only the corresponding modules, and other services need not be involved, so development is efficient and the cycle is short; the underlying code of an existing system need not be modified, and only its rights data needs to be connected, giving high scalability and portability; all request data passes through a single gateway entrance, which filters and intercepts invalid requests; and the tree-shaped data structure can be displayed through the presentation layer.
Referring to fig. 4, a unified rights management apparatus for a database according to an embodiment of the present application may comprise an access module 401, an authentication module 402, a rights management module 403 and a service management module 404, described in detail as follows:
the access module 401 is configured to connect the platform application system to the platform in a plug-and-play manner;
the authentication module 402 is configured to perform unified authentication of the users of the platform application system, so that a user accesses the platform application system only after unified authentication has passed;
the rights management module 403 is configured to perform unified rights management for the user if unified authentication of the user of the platform application system succeeds, so as to grant the user's permissions for accessing the platform application system;
and the service management module 404 is configured to uniformly manage user access to the platform application system in the background through a pre-designed management mode.
Optionally, the access module 401 illustrated in fig. 4 is specifically configured to use a plug-in integration mode so that the single sign-on (SSO) authentication service interactively verifies user information with the platform application system, and to connect the platform application system that passes verification to the platform.
Optionally, the apparatus illustrated in fig. 4 may further comprise an import module and a normalization module, wherein:
the import module is configured to import the user information of the platform application system before the access module 401 connects the platform application system to the platform;
and the normalization module is configured to retire the platform application system's previous login method and to standardize or unify the login entry to the platform.
Optionally, the authentication module 402 illustrated in fig. 4 may comprise a unified identification unit and a mapping unit, wherein:
the unified identification unit is configured to authenticate users holding different identifier types in the platform application system as users with a unified identifier;
and the mapping unit is configured to map the user's unified identifier to the user accounts of different platform application systems, so that the mapped user account is used to access the corresponding platform application system.
Optionally, the rights management module 403 illustrated in fig. 4 may comprise a setting unit and a sending unit, wherein:
the setting unit is configured to set authorization information for the user according to the user's user information, the authorization information comprising the role assigned to the user and the permissions corresponding to that role;
and the sending unit is configured to check the authorization information set for the user and send it to the platform application system when a user who has passed unified authentication logs in to the platform application system.
Optionally, the apparatus illustrated in fig. 4 may further comprise a logging module, configured to record in a log the operation information and authorization information generated when a user accesses the platform application system.
Optionally, the service management module 404 illustrated in fig. 4 may comprise an interface providing unit, a role assigning unit and a security management unit, wherein:
the interface providing unit is configured to provide users with a data batch operation interface;
the role assigning unit is configured to set administrator roles and to assign management responsibilities and tasks to them according to a hierarchical management and/or authorization mode;
and the security management unit is configured to perform security management of the user's account information.
It can be seen from the above description of the technical solutions that users of the platform application system are authenticated uniformly and access the platform application system only after unified authentication has passed; if unified authentication of a user succeeds, unified rights management is applied to grant the user's permissions for accessing the platform application system; and user access to the platform application system is managed uniformly in the background through a pre-designed management mode. Compared with the prior art, the solution has the following advantages: the underlying implementation logic of each application need not be considered; scalability and fault tolerance are high and technology selection is flexible; unified authentication and its related processing concern only the corresponding modules, and other services need not be involved, so development is efficient and the cycle is short; the underlying code of an existing system need not be modified, and only its rights data needs to be connected, giving high scalability and portability; all request data passes through a single gateway entrance, which filters and intercepts invalid requests; and the tree-shaped data structure can be displayed through the presentation layer.
Fig. 5 is a schematic structural diagram of an apparatus provided in an embodiment of the present application. As shown in fig. 5, the apparatus 5 of this embodiment mainly includes: a processor 50, a memory 51 and a computer program 52, such as a program of a unified rights management method of a database, stored in the memory 51 and executable on the processor 50. The processor 50, when executing the computer program 52, implements the steps in the above-described embodiment of the unified rights management method for a database, such as the steps S101 to S104 shown in fig. 1. Alternatively, the processor 50, when executing the computer program 52, implements the functions of the modules/units in the above-described device embodiments, such as the functions of the access module 401, the authentication module 402, the right management module 403, and the service management module 404 shown in fig. 4.
Illustratively, the computer program 52 of the unified rights management method for a database mainly includes: accessing the platform application system to the platform in a plug-and-play mode; performing unified authentication on the users of the platform application system so that they access the platform application system after the unified authentication is passed; if the unified authentication of a user of the platform application system is successful, carrying out unified authority management on the user so as to grant the user the authority to access the platform application system; and uniformly managing the user access to the platform application system in the background through a pre-designed management mode. The computer program 52 may be divided into one or more modules/units, which are stored in the memory 51 and executed by the processor 50 to carry out the present application. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution of the computer program 52 in the device 5.
For example, the computer program 52 may be divided into functions of an access module 401, an authentication module 402, a rights management module 403, and a service management module 404 (modules in a virtual device), and the specific functions of each module are as follows: the access module 401 is configured to access the platform application system to the platform in a plug-and-play manner; an authentication module 402, configured to perform unified authentication on a user of the platform application system, so as to access the platform application system after the unified authentication is passed; the authority management module 403 is configured to perform unified authority management on the user if the unified authentication on the user of the platform application system is successful, so as to grant the user an authority to access the platform application system; and the service management module 404 is configured to perform unified management on the platform application system accessed by the user in the background through a pre-designed management mode.
The device 5 may include, but is not limited to, a processor 50 and a memory 51. Those skilled in the art will appreciate that fig. 5 is merely an example of the device 5 and does not constitute a limitation of the device 5, which may include more or fewer components than shown, combine some components, or have different components; for example, a computing device may also include input/output devices, network access devices, buses, etc.
The processor 50 may be a Central Processing Unit (CPU), another general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory 51 may be an internal storage unit of the device 5, such as a hard disk or a memory of the device 5. The memory 51 may also be an external storage device of the device 5, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), etc., provided on the device 5. Further, the memory 51 may also include both internal storage units of the device 5 and external storage devices. The memory 51 is used for storing computer programs and other programs and data required by the device. The memory 51 may also be used to temporarily store data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned functions may be distributed as required to different functional units and modules, that is, the internal structure of the apparatus may be divided into different functional units or modules to implement all or part of the functions described above. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the above-mentioned apparatus may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus/device and method may be implemented in other ways. For example, the above-described apparatus/device embodiments are merely illustrative: the division into modules or units is only one kind of logical function division, and other divisions are possible in actual implementation; for example, a plurality of units or components may be combined or integrated into another apparatus, or some features may be omitted or not executed. In addition, the shown or discussed mutual coupling, direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated modules/units, if implemented in the form of software functional units and sold or used as separate products, may be stored in a non-transitory computer readable storage medium. Based on such understanding, all or part of the processes in the methods of the embodiments may also be implemented by instructing related hardware through a computer program, and the computer program of the unified rights management method for a database may be stored in a computer-readable storage medium; when executed by a processor, the computer program implements the steps of the method embodiments, namely: accessing the platform application system to the platform in a plug-and-play mode; performing unified authentication on the users of the platform application system so that they access the platform application system after the unified authentication is passed; if the unified authentication of a user of the platform application system is successful, carrying out unified authority management on the user so as to grant the user the authority to access the platform application system; and uniformly managing the user access to the platform application system in the background through a pre-designed management mode. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The non-transitory computer readable medium may include: any entity or device capable of carrying computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution media, and the like.
It should be noted that the non-transitory computer readable medium may contain content that is subject to appropriate increase or decrease as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, non-transitory computer readable media does not include electrical carrier signals and telecommunications signals as subject to legislation and patent practice. The above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.
The above-mentioned embodiments, objects, technical solutions and advantages of the present application are described in further detail, it should be understood that the above-mentioned embodiments are merely exemplary embodiments of the present application, and are not intended to limit the scope of the present application, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present application should be included in the scope of the present invention.

Claims (10)

1. A method for unified rights management of a database, the method comprising:
the platform application system is accessed to the platform in a plug-and-play mode;
performing unified authentication on the users of the platform application system to access the platform application system after the unified authentication is passed;
if the unified authentication on the user of the platform application system is successful, carrying out unified authority management on the user so as to grant the authority of the user for accessing the platform application system;
and uniformly managing the user access to the platform application system in the background through a pre-designed management mode.
2. The method for unified rights management of a database according to claim 1, wherein said accessing the platform application system to the platform in a plug-and-play mode comprises:
adopting a plug-in integration mode so that the single sign-on (SSO) authentication service carries out interactive verification of user information with the platform application system, and accessing the platform application system that passes the verification to the platform.
3. The method for unified rights management of a database according to claim 2, wherein the method further comprises:
importing user information in the platform application system before accessing the platform application system to the platform;
and canceling the previous login mode of the platform application system, and standardizing or uniformly accessing the login entry mode of the platform.
4. The method for unified rights management of a database according to claim 1, wherein said performing unified authentication on the users of the platform application system to access the platform application system after the unified authentication is passed comprises:
authenticating users with different identification types in the platform application system as users with uniform identification;
and mapping the unified identification of the user to user accounts of different platform application systems so as to access the corresponding platform application systems by using the mapped user accounts.
5. The method for unified rights management of a database according to claim 1, wherein said carrying out unified authority management on the user so as to grant the user the authority to access the platform application system comprises:
setting authorization information for the user according to the user information of the user, wherein the authorization information comprises the role allocated to the user and the authority corresponding to the role;
and when the user after the unified authentication is passed logs in the platform application system, checking the authorization information and sending the authorization information to the platform application system.
6. The method for unified rights management of a database according to claim 5, wherein the method further comprises:
and recording the operation information and the authorization information generated when the user accesses the platform application system to a log.
7. The method for unified rights management of a database according to claim 1, wherein said uniformly managing the user access to the platform application system in the background through a pre-designed management mode comprises:
providing a data batch operation interface for the user;
setting an administrator role, and endowing the administrator role with management responsibilities and tasks according to a hierarchical management and/or authorization mode;
and carrying out safety management on the account information of the user.
8. An apparatus for unified rights management of a database, the apparatus comprising:
the access module is used for accessing the platform application system to the platform in a plug-and-play mode;
the authentication module is used for carrying out unified authentication on the users of the platform application system so as to access the platform application system after the unified authentication is passed;
the authority management module is used for carrying out unified authority management on the user if the unified authentication on the user of the platform application system is successful so as to grant the user the authority for accessing the platform application system;
and the service management module is used for uniformly managing the user access to the platform application system in the background through a pre-designed management mode.
9. An apparatus comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 7.
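The method of claims 1 to 7 and the module description above, as an added example that is not part of the patent: a minimal Python model in which users are imported under one unified identity and mapped to per-application accounts, authenticated once against that identity, given role-based authorization information that is checked on login and handed to the application system, gated at a single entry point, and logged. The class, method and role names, the PBKDF2 credential store and the sample permissions are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Constructed role model for this example: role -> the permissions it carries
ROLE_PERMISSIONS = {
    "viewer": {"read"},
    "editor": {"read", "write"},
    "sys_admin": {"read", "write", "grant"},
}


def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class UnifiedPlatform:
    def __init__(self):
        self.apps = set()          # application systems accessed to the platform
        self.credentials = {}      # unified user id -> (salt, PBKDF2 digest)
        self.account_map = {}      # (uid, app) -> local account in that system
        self.authorization = {}    # (uid, app) -> role assigned to the user
        self.audit_log = []        # operation and authorization records (claim 6)

    def access_app(self, app):
        """Plug-and-play access: register an application system on the platform."""
        self.apps.add(app)

    def import_user(self, uid, password, app, local_account):
        """Import a user under one unified id and map it to the app account (claims 3, 4)."""
        if uid not in self.credentials:
            salt = secrets.token_bytes(16)
            self.credentials[uid] = (salt, _digest(password, salt))
        self.account_map[(uid, app)] = local_account

    def authenticate(self, uid, password):
        """Unified authentication against the unified identity, not per application."""
        rec = self.credentials.get(uid)
        ok = rec is not None and hmac.compare_digest(rec[1], _digest(password, rec[0]))
        self._log(uid, None, "login", ok)
        return ok

    def set_role(self, admin_uid, uid, app, role):
        """Set authorization information (claim 5); admin_uid=None is platform bootstrap,
        otherwise the grantor needs the 'grant' permission for that app (claim 7)."""
        if admin_uid is not None and "grant" not in self.permissions(admin_uid, app):
            self._log(admin_uid, app, f"grant:{role}:{uid}", False)
            raise PermissionError(f"{admin_uid} is not an administrator of {app}")
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role {role}")
        self.authorization[(uid, app)] = role
        self._log(admin_uid, app, f"grant:{role}:{uid}", True)

    def permissions(self, uid, app):
        return ROLE_PERMISSIONS.get(self.authorization.get((uid, app)), set())

    def login_to_app(self, uid, app):
        """On login, check the authorization info and hand it to the app with the
        mapped account (claim 5); None for an unknown app or unmapped user."""
        account = self.account_map.get((uid, app))
        if app not in self.apps or account is None:
            self._log(uid, app, "login_app", False)
            return None
        self._log(uid, app, "login_app", True)
        return {"account": account, "role": self.authorization.get((uid, app)),
                "permissions": sorted(self.permissions(uid, app))}

    def authorize(self, uid, app, action):
        """Gateway check: drop a request that the user's role does not permit."""
        granted = action in self.permissions(uid, app)
        self._log(uid, app, action, granted)
        return granted

    def _log(self, uid, app, op, granted):
        self.audit_log.append({"uid": uid, "app": app, "op": op, "granted": granted})
```

Every authentication, grant, application login and gated request leaves an entry in `audit_log` with its outcome, so a denied write or a failed grant attempt is visible to the background management side as well as to the requester.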
Publication

CN112364336A (en), published 2021-02-12; application CN202011294851.3A, filed 2020-11-18, priority date 2020-11-18; status: Pending; family ID 74533997; country: CN.

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112818328A (en) * 2021-02-26 2021-05-18 重庆度小满优扬科技有限公司 Multi-system authority management method, device, equipment and storage medium
CN113127906A (en) * 2021-04-29 2021-07-16 武汉虹信技术服务有限责任公司 Unified authority management platform, method and storage medium based on C/S architecture
CN113515732A (en) * 2021-06-30 2021-10-19 中国科学院电子学研究所苏州研究院 Cross-domain unified user authentication system and method
CN114019823A (en) * 2021-09-17 2022-02-08 华能巢湖发电有限责任公司 Boiler four-tube overhaul diagnosis system based on three-dimensional virtual simulation
CN113904825A (en) * 2021-09-29 2022-01-07 百融至信(北京)征信有限公司 Multi-application unified access gateway method and system
CN114462069A (en) * 2022-04-12 2022-05-10 北京天维信通科技有限公司 Multi-level tenant resource access management method, system, intelligent terminal and storage medium
CN115422157A (en) * 2022-08-30 2022-12-02 安徽继远检验检测技术有限公司 Unified database management method and system based on ldap
CN115422157B (en) * 2022-08-30 2023-05-30 安徽继远检验检测技术有限公司 Unified database management method and system based on ldap

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination