CN112597518A - Graph database-based authority management method, device and equipment - Google Patents

Graph database-based authority management method, device and equipment Download PDF

Info

Publication number
CN112597518A
CN112597518A CN202011569131.3A CN202011569131A CN112597518A CN 112597518 A CN112597518 A CN 112597518A CN 202011569131 A CN202011569131 A CN 202011569131A CN 112597518 A CN112597518 A CN 112597518A
Authority
CN
China
Prior art keywords
subsystem
authority
layer
graph database
management
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011569131.3A
Other languages
Chinese (zh)
Other versions
CN112597518B (en
Inventor
王春辉
刘张平
刘尚秋
王鲜鲜
宋明贺
贾海闯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Agricultural Bank of China
Original Assignee
Agricultural Bank of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Agricultural Bank of China filed Critical Agricultural Bank of China
Priority to CN202011569131.3A priority Critical patent/CN112597518B/en
Priority claimed from CN202011569131.3A external-priority patent/CN112597518B/en
Publication of CN112597518A publication Critical patent/CN112597518A/en
Application granted granted Critical
Publication of CN112597518B publication Critical patent/CN112597518B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2113Multi-level security, e.g. mandatory access control
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a graph database-based authority management method, a graph database-based authority management device and a graph database-based authority management device, which can realize unified management of internal authorities of enterprises based on a graph database, reduce system maintenance difficulty and improve user experience. The method comprises the following steps: after a management subsystem is newly built, firstly, the authority of the subsystem is built layer by layer according to the hierarchical relationship of the subsystem and the authority, then, roles are distributed to users layer by layer according to the hierarchical relationship of enterprise organizations according to the authority of each layer of subsystem, then, the roles distributed to the users under the sub-layer organizations and the lower-layer organizations are recovered by utilizing a parent-layer organization in the subsystem according to an authority management system which is built in advance based on a graph database, and further, the corresponding roles can be selected for the users according to the authority of the hierarchy subsystem where the users are located, so that the authority management based on the graph database is realized.

Description

Graph database-based authority management method, device and equipment
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method, an apparatus, and a device for rights management based on a graph database.
Background
With the continuous promotion of enterprise modernization, informatization and digitization, more and more systems are used in enterprises, the general systems comprise a human resource system, an attendance system, a purchasing system, an archive management system and the like, each system independently performs user management during construction, independently stores user information, role information, department information and the like, and meanwhile, special personnel are required to be equipped for configuring permissions. With the increase of systems, confusion is easy to occur in management, and the management difficulty is high.
The current common authority management method is mainly realized through role control, a management system can set several roles in the development process, such as a super manager, an administrator, a common user and the like, each role corresponds to different functions of the system, the functions used by the user are controlled by configuring different roles for the user, and some advanced authority management can also set the authority used by the roles through an interface, so that the role can be dynamically adjusted. However, most rights management systems are developed based on a relational database, but because the relational database has the problems of low efficiency of processing linked list query, long execution time, low efficiency of processing hierarchy and tree query, and the like, many internal subsystems of an enterprise are easy to have the problems of long response time, low query efficiency, and the like, and the user experience is seriously influenced.
Disclosure of Invention
The embodiment of the application mainly aims to provide a graph database-based authority management method, a graph database-based authority management device and graph database-based authority management equipment, which can realize unified management of internal authorities of enterprises based on a graph database, reduce system maintenance difficulty and improve user experience.
In a first aspect, an embodiment of the present application provides a rights management method based on a graph database, including:
after a management subsystem is newly built, establishing the authority of the subsystem layer by layer according to the hierarchy relationship between the subsystem and the authority;
distributing roles for the users layer by layer according to the authority of each layer of the subsystem and the hierarchical relation of the enterprise organization;
utilizing a parent-level mechanism in the subsystem to recycle roles distributed to users under a sub-level structure and a lower-level structure according to an authority management system constructed based on a graph database in advance;
and according to the authority of the level subsystem where the user is located, distributing corresponding roles for the user, and realizing authority management based on a graph database.
Optionally, before creating the authority of the subsystem layer by layer according to the hierarchical relationship between the subsystem and the authority, the method further includes:
receiving a request of a newly-built subsystem, wherein the request of the newly-built subsystem comprises information of the newly-built subsystem;
and creating the subsystem needing to be docked according to the information of the newly-built subsystem.
Optionally, after creating the authority of the subsystem layer by layer according to the hierarchical relationship between the subsystem and the authority, the method further includes:
and receiving a role modification request, and modifying the authority of the subsystem according to the modification request.
Optionally, the authority management system constructed in advance based on the graph database includes four entities of a mechanism, a user, a role and authority and corresponding relations among the four entities.
In a second aspect, an embodiment of the present application further provides a rights management device based on a graph database, including:
the first creating unit is used for creating the authority of the subsystem layer by layer according to the hierarchy relationship of the subsystem and the authority after the management subsystem is newly built;
the distribution unit is used for distributing roles for the users layer by layer according to the authority of each layer of the subsystem and the hierarchical relation of the enterprise organization;
the recovery unit is used for recovering roles distributed to users under the sub-level structure and the lower-level structure by utilizing a parent-level mechanism in the subsystem according to an authority management system constructed based on a graph database in advance;
and the distribution unit is used for distributing corresponding roles for the users according to the authority of the hierarchy subsystem where the users are located, so that authority management based on the graph database is realized.
Optionally, the apparatus further comprises:
the system comprises a receiving unit, a processing unit and a processing unit, wherein the receiving unit is used for receiving a request of a newly-built subsystem, and the request of the newly-built subsystem comprises information of the newly-built subsystem;
and the second creating unit is used for creating the subsystem needing to be docked according to the information of the newly-built subsystem.
Optionally, the apparatus further comprises:
and the modifying unit is used for receiving the role modifying request and modifying the authority of the subsystem according to the modifying request.
Optionally, the authority management system constructed in advance based on the graph database includes four entities of a mechanism, a user, a role and authority and corresponding relations among the four entities.
An embodiment of the present application further provides an authority management device based on a graph database, including: a processor, a memory, a system bus;
the processor and the memory are connected through the system bus;
the memory is configured to store one or more programs, the one or more programs including instructions, which when executed by the processor, cause the processor to perform any one of the implementations of the graph database-based rights management method described above.
An embodiment of the present application further provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are run on a terminal device, the terminal device is enabled to execute any implementation manner of the graph database-based rights management method.
According to the authority management method, device and equipment based on the graph database, after a management subsystem is newly built, firstly, the authority of the subsystem is built layer by layer according to the hierarchical relationship between the subsystem and the authority, then, roles are distributed to users layer by layer according to the hierarchical relationship between each layer of subsystem and an enterprise organization according to the authority of each layer of subsystem, then, the roles distributed to the users under a sub-layer organization and a lower-layer organization are recovered by a parent-layer organization in the subsystem according to an authority management system built based on the graph database in advance, further, the corresponding roles can be selected for the users according to the authority of the hierarchical subsystem where the users are located, and the authority management based on the graph database is achieved. Therefore, unified management of the internal authority of the enterprise can be realized based on the graph database, the system maintenance difficulty is reduced, and the user experience is improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a flowchart illustrating a method for rights management based on a graph database according to an embodiment of the present application;
FIG. 2 is a diagram illustrating a rights management system constructed based on a graph database according to an embodiment of the present application;
fig. 3 is a schematic diagram illustrating a composition of a rights management device based on a graph database according to an embodiment of the present application.
Detailed Description
At present, for large enterprises, the internal mechanisms of the enterprises are complicated, the internal systems are numerous, the user authority is difficult to manage, whether a set of unified authority management system can be realized or not is achieved, the authority of each subsystem in the enterprises is managed, and the method has important significance for improving the overall management level of the enterprises.
The current common authority management method is mainly realized through role control, a management system can set several roles in the development process, such as a super manager, an administrator, a common user and the like, each role corresponds to different functions of the system, the functions used by the user are controlled by configuring different roles for the user, and some advanced authority management can also set the authority used by the roles through an interface, so that the role can be dynamically adjusted. However, most rights management systems are developed based on a relational database, but because the relational database has the problems of low efficiency of processing linked list query, long execution time, low efficiency of processing hierarchy and tree query, and the like, many internal subsystems of an enterprise are easy to have the problems of long response time, low query efficiency, and the like, and the user experience is seriously influenced.
In order to solve the above-mentioned drawbacks, an embodiment of the present application provides a graph database-based authority management method, where after a management subsystem is newly created, firstly, permissions of the subsystems are created layer by layer according to a hierarchical relationship between the subsystems and the permissions, then, roles are distributed to users layer by layer according to the hierarchical relationship between each layer of subsystems and according to the permissions of enterprise organizations, and then, roles distributed to users under a sub-layer organization and a lower-layer organization are recovered by using a parent-layer organization in the subsystems according to a permission management system which is previously constructed based on a graph database, and further, corresponding roles can be selected for the users according to the permissions of the hierarchy subsystems where the users are located, so as to implement graph database-based authority management. Therefore, unified management of the internal authority of the enterprise can be realized based on the graph database, the system maintenance difficulty is reduced, and the user experience is improved.
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
First embodiment
Referring to fig. 1, a flow chart of a rights management method based on a graph database provided in this embodiment is schematically illustrated, where the method includes the following steps:
s101: and after the management subsystem is newly built, establishing the authority of the subsystem layer by layer according to the hierarchy relationship between the subsystem and the authority.
It should be noted that, most of the existing authority management systems are systems individually responsible for the authority of their respective systems, and users, roles, and authority data are dispersed in the systems, and each system needs special personnel to take charge of maintaining the authority, so that the management difficulty is high, the data repetition rate is high, and the use of a relational database has the problems of low linked list query efficiency, long response time, and the like, thereby reducing the efficiency of maintaining the user authority.
Therefore, in the embodiment, in order to achieve unified management of the internal permissions of the enterprise, the system maintenance difficulty is reduced, and the user experience is improved. Firstly, after a management subsystem is newly built, the authority of the subsystem is created layer by layer according to the hierarchical relationship between the subsystem and the authority, so that the unified management of the authority of the subsystem in an enterprise is realized through the subsequent steps S102-S104, and the management level of an enterprise information system is effectively improved.
Wherein rights management refers to the control of system functions. Specifically, in the development process of the system, the authority in the system generally needs to be managed and controlled, different authorities corresponding to roles are realized through configuration of the role function, and finally different users access different functions.
Specifically, in an alternative implementation manner, after logging in by using the identity of a system administrator and passing verification, an input request of a new subsystem may be received, where the request of the new subsystem includes information of the new subsystem, and then a subsystem to be docked may be created according to the information of the new subsystem.
Furthermore, the authority of the subsystem can be newly built layer by layer according to the hierarchical relationship between the subsystem and the authority, wherein each authority can correspond to one code, and information such as a code of a corresponding father authority, the authority code, the authority name and the like is input according to the hierarchical relationship of the authority, so that the new building of the authority can be completed.
On the basis, a role modification request can be further received, and the authority of the subsystem is modified according to the modification request. Specifically, in order to implement the configuration of the role, the role to be modified can be queried by using the identity of a system administrator, and the permission of the corresponding subsystem is checked for modification, so that after the modification is completed, the user owning the role can automatically obtain the checked permission.
S102: and distributing roles for the users layer by layer according to the authority of each layer of subsystem and the hierarchical relation of the enterprise organization.
In this embodiment, after the authority of the subsystem is created layer by layer according to the hierarchical relationship between the subsystem and the authority in step S101, the role can be further distributed to the user layer by layer according to the hierarchical relationship between the mechanisms.
It should be noted that the child parent hierarchical organization can only select a role to be assigned from the role list in the direct parent hierarchical organization, and does not allow roles to be distributed across hierarchies.
S103: and recovering the roles distributed to the users under the sub-level structure and the lower-level structure by utilizing a parent-level mechanism in the subsystem according to an authority management system constructed based on a graph database in advance.
When roles are distributed and needed to be recovered, roles distributed to users under the sub-level structure and the lower-level structure can be recovered by utilizing a parent-level mechanism in a subsystem according to a permission management system constructed based on a graph database in advance. That is, when a parent hierarchy recovers a role, all child hierarchies and the personnel under the hierarchy automatically lose the role.
An optional implementation manner is that the authority management system constructed in advance based on the graph database includes four entities of a mechanism, a user, a role and authority and corresponding relations among the four entities.
Specifically, in the present embodiment, in order to solve the problem that the system response speed is low in the case of recovering the rights at present, it is proposed to construct the rights management system by using a graph database in advance. As shown in fig. 2, the right management system includes four entities of an organization, a user, a role, and a right, and a corresponding relationship between the four entities. Specifically, the node set of the system mainly includes four entities: the mechanism, the user, the role and the authority store the corresponding relation between the user and the mechanism by using a side from the user to the mechanism, store the relation of the mechanism to assign the role by using a side from the mechanism to the role, store the corresponding relation of the user role by using a side from the user to the role, store the authority configured by the role from the side from the role to the authority, store the superior-inferior relation of the mechanism from the side from the mechanism to the self, and store the superior-inferior relation of the authority from the side from the authority to the self.
As can be seen from FIG. 2, the relationship is the most important element of the graph database, the nodes such as organization, user, role and authority are mutually managed through the relationship, the reference of the adjacent nodes is maintained at each node, the use of the index-free adjacency attribute enables the query time to be unrelated to the overall scale of the graph, and the speed of relationship query is guaranteed. When the related authority is inquired according to the user name, the left join is needed to be used for inquiring the relation search, the matching and the like of a plurality of tables such as a user role relation table, a role and authority relation table, an authority table and the like for the relational database, and the authority information is directly searched by the database only through the pre-stored relation list, so that the use of system resources is reduced, the request response time is greatly shortened, and the user experience is improved.
S104: and distributing corresponding roles for the users according to the authority of the level subsystem where the users are located, so as to realize authority management based on the graph database.
In this embodiment, after the role distribution is completed through steps S102 to S103, a corresponding role may be further allocated to the user according to the authority of the hierarchical subsystem where the user is located, so as to implement authority management based on the graph database.
Therefore, the roles are created by the top-level mechanism and distributed layer by layer according to the mechanism level, so that unified creation and distribution of the roles are realized, unified management of the roles is finally realized, role repetition caused by scattered management of the roles in different subsystems is avoided, the number of the roles is reduced, unified management of enterprise users is facilitated, and maintenance difficulty is reduced.
In summary, according to the authority management method based on the graph database provided by this embodiment, after a management subsystem is newly created, firstly, the authority of the subsystem is created layer by layer according to the hierarchical relationship between the subsystem and the authority, then, roles are distributed to users layer by layer according to the hierarchical relationship between each layer of the subsystem and the enterprise organization, then, the roles distributed to the users under the sub-level organization and the lower level organization are recovered by using the authority management system built in advance based on the graph database by using the parent level organization in the subsystem according to the authority management system built based on the graph database, and further, the corresponding roles can be selected for the users according to the authority of the subsystem at the level where the users are located, so as to implement authority management based on the graph database. Therefore, unified management of the internal authority of the enterprise can be realized based on the graph database, the system maintenance difficulty is reduced, and the user experience is improved.
Second embodiment
In this embodiment, a rights management device based on a graph database will be described, and please refer to the above method embodiments for related contents.
Referring to fig. 3, a schematic diagram of a rights management device based on a graph database according to this embodiment is shown, where the device includes:
the first creating unit 301 is configured to create the authority of the subsystem layer by layer according to the hierarchical relationship between the subsystem and the authority after the management subsystem is newly created;
the distribution unit 302 is used for distributing roles for the users layer by layer according to the authority of each layer of the subsystem and the hierarchical relationship of the enterprise organization;
a recovery unit 303, configured to recover, by using a parent-level mechanism in the subsystem, roles to which users in a sub-level structure and a lower-level structure are distributed, according to an authority management system constructed based on a graph database in advance;
the allocation unit 304 is configured to allocate a corresponding role to the user according to the authority of the hierarchical subsystem where the user is located, so as to implement authority management based on a graph database.
In an implementation manner of this embodiment, the apparatus further includes:
the system comprises a receiving unit, a processing unit and a processing unit, wherein the receiving unit is used for receiving a request of a newly-built subsystem, and the request of the newly-built subsystem comprises information of the newly-built subsystem;
and the second creating unit is used for creating the subsystem needing to be docked according to the information of the newly-built subsystem.
In an implementation manner of this embodiment, the apparatus further includes:
and the modifying unit is used for receiving the role modifying request and modifying the authority of the subsystem according to the modifying request.
In an implementation manner of this embodiment, the authority management system constructed in advance based on the graph database includes four entities of a mechanism, a user, a role, and an authority, and a correspondence relationship between the four entities.
In summary, after a management subsystem is newly created, firstly, permissions of the subsystems are created layer by layer according to a hierarchical relationship between the subsystems and the permissions, then, roles are distributed to users layer by layer according to the hierarchical relationship between each layer of subsystems and the hierarchical relationship between enterprise organizations, then, roles distributed to users under a sub-level organization and a lower-level organization are recovered by using a parent-level organization in the subsystems according to a permission management system which is constructed based on a graph database in advance, and further, corresponding roles can be selected for the users according to the permissions of the subsystems of the hierarchy where the users are located, so that authority management based on the graph database is realized. Therefore, unified management of the internal authority of the enterprise can be realized based on the graph database, the system maintenance difficulty is reduced, and the user experience is improved.
Further, an embodiment of the present application further provides a rights management device based on a graph database, including: a processor, a memory, a system bus;
the processor and the memory are connected through the system bus;
the memory is configured to store one or more programs, the one or more programs including instructions, which when executed by the processor, cause the processor to perform any of the above described graph database based rights management methods.
Further, an embodiment of the present application further provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are run on a terminal device, the terminal device is caused to execute any implementation method of the graph database-based rights management method.
As can be seen from the above description of the embodiments, those skilled in the art can clearly understand that all or part of the steps in the above embodiment methods can be implemented by software plus a necessary general hardware platform. Based on such understanding, the technical solution of the present application may be essentially or partially implemented in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network communication device such as a media gateway, etc.) to execute the method according to the embodiments or some parts of the embodiments of the present application.
It should be noted that, in the present specification, the embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
It is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A method for rights management based on a graph database, comprising:
after a management subsystem is newly built, establishing the authority of the subsystem layer by layer according to the hierarchy relationship between the subsystem and the authority;
distributing roles for the users layer by layer according to the authority of each layer of the subsystem and the hierarchical relation of the enterprise organization;
utilizing a parent-level mechanism in the subsystem to recycle roles distributed to users under a sub-level structure and a lower-level structure according to an authority management system constructed based on a graph database in advance;
and according to the authority of the level subsystem where the user is located, distributing corresponding roles for the user, and realizing authority management based on a graph database.
2. The method of claim 1, wherein prior to said creating rights for said subsystems layer by layer according to a hierarchical relationship of said subsystems and rights, said method further comprises:
receiving a request of a newly-built subsystem, wherein the request of the newly-built subsystem comprises information of the newly-built subsystem;
and creating the subsystem needing to be docked according to the information of the newly-built subsystem.
3. The method of claim 1, wherein after creating the privileges of the subsystems layer by layer according to the hierarchy of subsystems and privileges, the method further comprises:
and receiving a role modification request, and modifying the authority of the subsystem according to the modification request.
4. The method according to any one of claims 1 to 3, wherein the authority management system constructed in advance based on the graph database comprises four entities of an organization, a user, a role and authority and corresponding relations among the four entities.
5. A graph database-based rights management apparatus, comprising:
the first creating unit is used for creating the authority of the subsystem layer by layer according to the hierarchy relationship of the subsystem and the authority after the management subsystem is newly built;
the distribution unit is used for distributing roles for the users layer by layer according to the authority of each layer of the subsystem and the hierarchical relation of the enterprise organization;
the recovery unit is used for recovering roles distributed to users under the sub-level structure and the lower-level structure by utilizing a parent-level mechanism in the subsystem according to an authority management system constructed based on a graph database in advance;
and the distribution unit is used for distributing corresponding roles for the users according to the authority of the hierarchy subsystem where the users are located, so that authority management based on the graph database is realized.
6. The apparatus of claim 5, further comprising:
the system comprises a receiving unit, a processing unit and a processing unit, wherein the receiving unit is used for receiving a request of a newly-built subsystem, and the request of the newly-built subsystem comprises information of the newly-built subsystem;
and the second creating unit is used for creating the subsystem needing to be docked according to the information of the newly-built subsystem.
7. The apparatus of claim 5, further comprising:
and the modifying unit is used for receiving the role modifying request and modifying the authority of the subsystem according to the modifying request.
8. The apparatus according to any one of claims 5 to 7, wherein the authority management system constructed in advance based on the graph database comprises four entities of an organization, a user, a role and authority and corresponding relations among the four entities.
9. A graph database based rights management device, comprising: a processor, a memory, a system bus;
the processor and the memory are connected through the system bus;
the memory is to store one or more programs, the one or more programs comprising instructions, which when executed by the processor, cause the processor to perform the method of any of claims 1-4.
10. A computer-readable storage medium having stored therein instructions that, when executed on a terminal device, cause the terminal device to perform the method of any one of claims 1-4.
CN202011569131.3A 2020-12-26 Rights management method, device and equipment based on graph database Active CN112597518B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011569131.3A CN112597518B (en) 2020-12-26 Rights management method, device and equipment based on graph database

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011569131.3A CN112597518B (en) 2020-12-26 Rights management method, device and equipment based on graph database

Publications (2)

Publication Number Publication Date
CN112597518A true CN112597518A (en) 2021-04-02
CN112597518B CN112597518B (en) 2024-06-11

Family

ID=

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109948350A (en) * 2019-01-18 2019-06-28 深圳市万睿智能科技有限公司 A kind of hierarchical organization structure account authority distributing method and its system and storage medium
CN110750559A (en) * 2019-10-17 2020-02-04 北京明略软件系统有限公司 Authority information processing method and device, storage medium and electronic device
CN110955903A (en) * 2019-11-22 2020-04-03 支付宝(杭州)信息技术有限公司 Privacy resource authority control method, device and equipment based on intelligent graph calculation
CN111104652A (en) * 2019-10-17 2020-05-05 贝壳技术有限公司 Authority management method and device, computer readable storage medium and electronic equipment

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109948350A (en) * 2019-01-18 2019-06-28 深圳市万睿智能科技有限公司 A kind of hierarchical organization structure account authority distributing method and its system and storage medium
CN110750559A (en) * 2019-10-17 2020-02-04 北京明略软件系统有限公司 Authority information processing method and device, storage medium and electronic device
CN111104652A (en) * 2019-10-17 2020-05-05 贝壳技术有限公司 Authority management method and device, computer readable storage medium and electronic equipment
CN110955903A (en) * 2019-11-22 2020-04-03 支付宝(杭州)信息技术有限公司 Privacy resource authority control method, device and equipment based on intelligent graph calculation

Similar Documents

Publication Publication Date Title
US20220247640A1 (en) Stateless resource management
CN109688120B (en) Dynamic authority management system based on improved RBAC model and Spring Security framework
RU2598324C2 (en) Means of controlling access to online service using conventional catalogue features
EP2510473B1 (en) Unified user login for co-location facilities
US10560458B2 (en) Resource sharing in cloud computing
JP5346010B2 (en) Policy management infrastructure
CN109344603B (en) Unified login system
US10142406B2 (en) Automated data center selection
CN110990150A (en) Tenant management method and system of container cloud platform, electronic device and storage medium
JP5623271B2 (en) Information processing apparatus, authority management method, program, and recording medium
CN111988173B (en) Tenant management platform and tenant management method based on multi-layer father-son structure tenant
US9160705B2 (en) Identifier management
Won et al. Advanced resource management with access control for multitenant Hadoop
US10956363B2 (en) Automated data management via machine-readable data definition files
CN112597518A (en) Graph database-based authority management method, device and equipment
CN112597518B (en) Rights management method, device and equipment based on graph database
US11853286B2 (en) Dynamic deployment of multiple database systems with data reduction
CN100386990C (en) Method for implementing intelligent network flexible authority management
CN114866416A (en) Multi-cluster unified management system and deployment method
CN109240653A (en) A kind of method and system constructing internet O&M resource associations system
US11868494B1 (en) Synchronization of access management tags between databases
US20230421609A1 (en) Organization based access control with boundary access policies
WO2013147736A1 (en) Topological query in multi-tenancy environment
Penberthy et al. Other RDS Databases
CN112181591A (en) Cluster namespace management method and system, electronic device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant