CN115270108A - Method and device for authority safety control in power monitoring system - Google Patents

Publication number
CN115270108A
Authority
CN
China
Prior art keywords
authorization
service
account
application
authorization application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210528843.3A
Other languages
Chinese (zh)
Inventor
艾文凯
谢豪
陈翔
陆鑫
孙超
徐丹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NR Electric Co Ltd
NR Engineering Co Ltd
Original Assignee
NR Electric Co Ltd
NR Engineering Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NR Electric Co Ltd, NR Engineering Co Ltd
Priority to CN202210528843.3A
Publication of CN115270108A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44521 Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
    • G06F9/44526 Plug-ins; Add-ons
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2135 Metering
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention discloses a method and a device for authority security control in an electric power monitoring system. The method subdivides the accounts in the electric power monitoring system into five types, including: a system management class, a service authorization class, a service operation and maintenance class and a service browsing class. The on-duty service authorization class account has the capability to authorize logins by accounts showing abnormal behavior and the capability to authorize user-defined key operations. Through the service authorization class account, illegal behaviors such as misoperation and malicious operation by the other four types of accounts are prevented. The service authorization class account also has a shift handover characteristic: the next on-duty service authorization class account is designated by the previous on-duty service authorization class account. Through the authorization application plug-in and the authorization approval service, the application for and approval of user-defined key business operations in the power monitoring system are made transparent, so that key business operations are controllable and the security of the power monitoring system is further improved.

Description

Method and device for authority safety control in power monitoring system
Technical Field
The invention relates to a method and a device for authority security control in an electric power monitoring system, and belongs to the technical field of electric power monitoring system security.
Background
With the development of computer technology, the intelligent operation and maintenance of power monitoring systems has greatly improved: a dispatcher logs in to the system locally and performs key operations, such as remote control and remote modification and customization of key equipment and key parameters, on a transformer substation thousands of miles away. At present, an electric power monitoring system only performs identity authentication based on two-factor authentication at local login. After the local login succeeds, the account can perform these key operations anytime and anywhere, so a single person acting alone has the capability of intentionally performing malicious key operations, and the current security protection strategy cannot effectively prevent such behavior.
Disclosure of Invention
The invention aims to overcome the defects in the prior art and provides a method and a device for authority security control in an electric power monitoring system.
In order to achieve the purpose, the invention adopts the following technical scheme:
According to a first aspect, the invention provides a method for authority security control in an electric power monitoring system, in which the accounts of the system are divided, according to minimum permission configuration, into a system management class, a service authorization class, a service operation and maintenance class and a service browsing class, and authorization applications are approved through a service authorization class account;
the method for approving an authorization application through the service authorization class account is applied to an authorization application plug-in, and comprises the following steps:
receiving authorization application information sent by a service program, and selecting an on-duty service authorization class account according to a predetermined matching rule;
sending the authorization application information to an authorization approval unit; the authorization approval unit receives the authorization application information, parses the authorization application content and pushes it to the on-duty service authorization class account, the on-duty service authorization class account matches an authorization review result according to a predetermined matching rule, and the authorization review result is returned to the authorization application plug-in;
and receiving the authorization review result sent by the authorization approval unit and feeding it back to the service program as a return value, wherein the service program executes the corresponding service logic according to the return value.
Further, receiving the authorization application information sent by the service program and selecting the on-duty service authorization class account according to the predetermined matching rule includes:
step 1: receiving the authorization application information sent by the service program, comprising: the account name of the applicant, and the content and the type of the authorization application; judging whether the authorization application type is a login authorization application or an operation authorization application; if it is a login authorization application, jumping to step 2, and if it is an operation authorization application, jumping to step 3;
step 2: judging whether the account has abnormal behaviors, and if so, jumping to step 4;
step 3: judging whether the operation type is in the user-defined key operation list; if so, judging whether the operation type is within an authorized window period, and if not, jumping to step 4;
step 4: obtaining the list of on-duty authorization class accounts from the permission real-time database;
step 5: judging whether the number of on-duty authorization class accounts is greater than 1, and if not, jumping to step 7;
step 6: judging whether the account name of the applicant is in the list of on-duty authorization class accounts; if so, removing the applicant's account from the obtained list, displaying the remaining on-duty authorization class accounts on the authorization application interface, and jumping to step 8;
step 7: displaying the list of on-duty authorization class accounts on the authorization application interface;
step 8: the applicant's account, in response to a manual selection signal on the authorization application interface, selects one on-duty service authorization class account.
Further, the information in the list of on-duty authorization class accounts includes one or more of: the user name, the online status and the online node of each on-duty authorization class account.
Further, the abnormal behavior includes: the user login time is abnormal, and the user login time is abnormal.
Further, the step in which the authorization approval unit receives the authorization application information, parses the authorization application content and pushes it to the on-duty service authorization class account, and the on-duty service authorization class account matches the authorization review result according to the predetermined matching rule and returns it to the authorization application plug-in, includes:
step 1: receiving the authorization application information and obtaining the application type from it; if it is a login authorization application, obtaining the applicant account, the abnormal behaviors, the application node and the application time from the authorization application information; if it is an operation authorization application, obtaining the applicant account, the operation content applied for, the application node and the application time from the authorization application message;
step 2: pushing an authorization approval interface to the monitoring screen of the on-duty service authorization class account, and displaying the parsed authorization application content on the interface;
step 3: the on-duty service authorization class account performs a manual review, the review result is written into the historical database, and the review result is sent to the authorization application plug-in.
Further, the on-duty service authorization class accounts comprise an on-duty shift manager and on-duty operators, all of which have authorization capability; being on duty does not affect their authority to execute services normally.
Furthermore, the first service authorization class account to log in to the system directly obtains the authorization capability of this account class and serves as the first on-duty shift manager, and N authorization accounts are designated as on-duty operators by the first on-duty shift manager.
Further, when the authorization approval unit receives the authorization application information, the method further includes:
step 1: judging whether this node has received an authorization application message, and if not, jumping to step 2;
step 2: judging whether the on-duty shift manager is on this node, and if not, jumping to step 1;
step 3: judging whether the shift handover time has arrived, and if not, jumping to step 1;
step 4: pushing a shift handover interface to the on-duty shift manager and performing identity verification; if the verification fails, the handover fails;
step 5: the on-duty shift manager designates the next on-duty shift manager and the next batch of on-duty operators on the handover interface, and they are given the authorization capability;
step 6: revoking the authorization capability of the previous shift manager and the previous batch of on-duty operators; the handover succeeds.
In a second aspect, the invention provides a method for authority security control in an electric power monitoring system, in which the accounts of the system are divided, according to minimum permission configuration, into a system management class, a service authorization class, a service operation and maintenance class and a service browsing class, and authorization applications are approved through a service authorization class account;
the method for approving an authorization application through the service authorization class account is applied to an authorization approval unit and comprises the following steps:
receiving authorization application information sent by an authorization application plug-in, parsing the authorization application content and pushing it to the on-duty service authorization class account, wherein the on-duty service authorization class account matches an authorization review result according to a predetermined matching rule; the authorization application plug-in is used for receiving the authorization application information sent by a service program, selecting an on-duty service authorization class account according to a predetermined matching rule, and sending the authorization application information to the authorization approval unit;
and returning the authorization review result to the authorization application plug-in, wherein the authorization application plug-in receives the authorization review result sent by the authorization approval unit and feeds it back to the service program as a return value, and the service program executes the corresponding service logic according to the return value.
In a third aspect, the present invention provides a device for authority security control in an electric power monitoring system, which is applied to an authorization application plug-in and includes:
an on-duty service authorization class account selection unit, used for receiving authorization application information sent by a service program and selecting an on-duty service authorization class account according to a predetermined matching rule;
an authorization application information sending unit, used for sending the authorization application information to the authorization approval unit; the authorization approval unit receives the authorization application information, parses the authorization application content and pushes it to the on-duty service authorization class account, and the on-duty service authorization class account matches an authorization review result according to a predetermined matching rule and returns it to the authorization application plug-in;
and an authorization review result receiving and feedback unit, used for receiving the authorization review result sent by the authorization approval unit and feeding it back to the service program as a return value, wherein the service program executes the corresponding service logic according to the return value.
Compared with the prior art, the invention has the following beneficial effects:
(1) Based on minimum permission configuration, the accounts of the system are subdivided into a system management class, a service authorization class, a service operation and maintenance class and a service browsing class, and the service authorization class accounts uniformly perform manual authorization approval of account logins and key operations. This strengthens authority control, prevents a single person from deliberately performing malicious operations that damage the power grid, and safeguards the security of the power monitoring system.
(2) By providing the authorization application as a plug-in and the authorization approval as a service, the service program is decoupled from the authorization application function, which improves the extensibility of the authorization application function and reduces the difficulty of adapting service programs.
Drawings
Fig. 1 is a flowchart of a method for security control of authority in an electric power monitoring system according to an embodiment of the present invention;
Fig. 2 is a flowchart of the authorization application plug-in provided by an embodiment of the invention;
Fig. 3 is a flowchart of the authorization approval service according to an embodiment of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present invention is not limited thereby.
Example 1
This embodiment introduces a method for authority security control in an electric power monitoring system, in which the accounts of the system are divided, according to minimum permission configuration, into a system management class, a service authorization class, a service operation and maintenance class and a service browsing class, and authorization applications are approved through a service authorization class account;
the method for approving an authorization application through the service authorization class account is applied to an authorization application plug-in, and comprises the following steps:
receiving authorization application information sent by a service program, and selecting an on-duty service authorization class account according to a predetermined matching rule;
sending the authorization application information to an authorization approval unit; the authorization approval unit receives the authorization application information, parses the authorization application content and pushes it to the on-duty service authorization class account, the on-duty service authorization class account matches an authorization review result according to a predetermined matching rule, and the authorization review result is returned to the authorization application plug-in;
and receiving the authorization review result sent by the authorization approval unit and feeding it back to the service program as a return value, wherein the service program executes the corresponding service logic according to the return value.
The contents of the above embodiments will be described below with reference to the accompanying drawings.
The method for authority security control in the power monitoring system is used to prevent abnormal account logins and to prevent a single person from maliciously executing key business operations that damage the system. It implements a general authorization confirmation mechanism by providing an authorization application plug-in and an authorization approval service. The service program loads the authorization application plug-in selectively, according to whether the service needs the authorization confirmation mechanism. The plug-in obtains the list of on-duty authorization class accounts and the nodes where they are located, and then pushes an authorization application interface. The applicant's account manually selects one on-duty authorization class account on the application interface, and the plug-in sends authorization application information to the authorization approval service according to the selection. The authorization application information comprises: the applicant account, the authorization application type, the authorization application content and the like. The authorization approval service receives the authorization application message and pushes an authorization approval screen to the on-duty authorization account on this node. The authorization account manually reviews the application information on the authorization approval interface. After the review is confirmed, the authorization approval service sends the review result to the corresponding authorization application plug-in, the plug-in feeds the authorization review result back to the service program as a return value, and finally the service program executes the corresponding service logic according to the return value, as shown in Fig. 1.
The specific flow of the authorization application plug-in is shown in Fig. 2, and the steps are as follows:
1. the service loads the authorization application plug-in as required and passes in the current authorization application message, which comprises: the account name of the applicant and the content and type of the application; the authorization application plug-in judges the application type, and if it is a login authorization application, jumps to step 2; if it is an operation authorization application, jumps to step 3;
2. the authorization application plug-in judges whether the account has abnormal behaviors; if not, jumps to step 10; if so, jumps to step 4;
3. the authorization application plug-in judges whether the operation type is in the user-defined key operation list; if not, jumps to step 10;
4. obtaining the list of on-duty authorization class accounts from the permission real-time database, including: the user name, online status, online node and the like of each on-duty authorization account;
5. judging whether the number of on-duty authorization accounts is greater than 1, and jumping to step 7 if not;
6. judging whether the account name of the applicant is among the on-duty authorization accounts; if so, removing the account from the obtained list of on-duty authorization accounts, displaying the remaining on-duty authorization accounts on the authorization application interface, and then jumping to step 8;
7. displaying the list of on-duty authorization accounts on the authorization application interface;
8. after the applicant's account manually selects an on-duty authorization account on the authorization application interface, the authorization application plug-in sends the authorization application message and waits for the authorization application result;
9. receiving the authorization application result and returning;
10. returning success;
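The plug-in decision flow of Fig. 2 (steps 1 to 7), sketched as an added Python example; it is not code from the patent. All class and field names, the sample accounts and operations, and the 300-second window keyed on account and operation are assumptions; the window check follows the "authorized window period" wording used elsewhere in the description.

```python
from dataclasses import dataclass, field
from enum import Enum


class RequestType(Enum):
    LOGIN = "login"
    OPERATION = "operation"


@dataclass(frozen=True)
class Approver:
    username: str
    online: bool
    node: str


@dataclass
class Decision:
    needs_approval: bool
    candidates: list = field(default_factory=list)
    # Added audit hint (not in the patent text): the only approver offered
    # to the applicant is the applicant's own account.
    applicant_is_sole_approver: bool = False


class AuthorizationPlugin:
    def __init__(self, key_operations, on_duty, window_seconds=300):
        self.key_operations = set(key_operations)  # user-defined key operation list
        self.on_duty = list(on_duty)               # stand-in for the permission real-time database
        self.window_seconds = window_seconds       # assumed window length
        self._approved_at = {}                     # (account, operation) -> approval time

    def record_approval(self, account, operation, now):
        """Remember an approved key operation so the window check can see it."""
        self._approved_at[(account, operation)] = now

    def _in_window(self, account, operation, now):
        approved = self._approved_at.get((account, operation))
        return approved is not None and 0 <= now - approved < self.window_seconds

    def evaluate(self, account, req_type, now, abnormal=False, operation=None):
        """Decide whether a request needs approval and who may be asked."""
        if req_type is RequestType.LOGIN:
            # Step 2: only logins with abnormal behavior need approval.
            if not abnormal:
                return Decision(needs_approval=False)
        elif req_type is RequestType.OPERATION:
            # Step 3: only user-defined key operations need approval,
            # and not while a previous approval is still inside its window.
            if operation not in self.key_operations:
                return Decision(needs_approval=False)
            if self._in_window(account, operation, now):
                return Decision(needs_approval=False)
        else:
            raise ValueError("unknown authorization application type")

        # Step 4: fetch the on-duty authorization class accounts.
        candidates = list(self.on_duty)
        # Steps 5-6: with more than one approver on duty, the applicant
        # is removed so the request goes to a second person.
        if len(candidates) > 1:
            candidates = [a for a in candidates if a.username != account]
        # Step 7: with one approver on duty the list is shown unfiltered.
        # An empty list means nobody can approve, so the request cannot proceed.
        sole = [a.username for a in candidates] == [account]
        return Decision(True, candidates, sole)


# Constructed sample data, not taken from the patent.
SAMPLE_KEY_OPERATIONS = {"remote_control", "setpoint_change"}
SAMPLE_ON_DUTY = [
    Approver("auth_zhang", True, "node-1"),
    Approver("auth_li", True, "node-2"),
]

if __name__ == "__main__":
    plugin = AuthorizationPlugin(SAMPLE_KEY_OPERATIONS, SAMPLE_ON_DUTY)
    d = plugin.evaluate("auth_zhang", RequestType.OPERATION, now=0,
                        operation="remote_control")
    print(d.needs_approval, [a.username for a in d.candidates])
```

The `applicant_is_sole_approver` flag is worth writing to the audit trail, because in that case the second-person review the scheme relies on does not take place.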
The specific process by which the authorization approval service handles application messages and the shift handover of the on-duty authorization accounts is shown in Fig. 3, and the steps are as follows:
1. judging whether this node has received an authorization application message, and if not, jumping to step 6;
2. obtaining the application type from the authorization application message; if it is a login authorization application, obtaining the applicant account, the abnormal behaviors, the application node and the application time from the authorization application message; if it is an operation authorization application, obtaining the applicant account, the operation content applied for, the application node and the application time from the authorization application message;
3. pushing an authorization approval interface to the monitoring screen of the on-duty authorization account, and displaying the parsed authorization application content on the interface;
4. the on-duty authorization account performs a manual review, the review result is written into the historical database and sent to the authorization application plug-in, and the flow jumps to step 5;
5. the authorization approval succeeds, and the process returns;
6. judging whether the on-duty shift manager is on this node, and if not, jumping to step 1;
7. judging whether the shift handover time has arrived, and if not, jumping to step 1;
8. pushing a shift handover interface to the on-duty shift manager and performing identity verification, and jumping to step 12 if the identity verification fails;
9. the on-duty shift manager designates the next on-duty shift manager and the next batch of on-duty operators on the handover interface, and they are given the authorization capability;
10. revoking the authorization capability of the previous shift manager and the previous batch of on-duty operators, and jumping to step 11;
11. the handover succeeds, and the process returns;
12. the handover fails, and the process returns.
This embodiment provides a method for authority security control in an electric power monitoring system, which prevents a single person from maliciously executing key business operations that damage the system. By monitoring abnormal account behavior and forcing accounts with abnormal behavior to obtain authorization before logging in, abnormal logins are prevented and the login risk of system accounts is reduced. By providing an authorization application plug-in and an authorization approval service, the difficulty of modifying services is reduced and the authorization application becomes highly extensible and plug-and-play.
Example 2
This embodiment introduces a method for authority security control in an electric power monitoring system, which divides the accounts of the electric power monitoring system into four types of non-authorization accounts (the system management class, the service operation and maintenance class, the service browsing class and so on) and service authorization class accounts. The service authorization class accounts have the capability to authorize abnormal account logins and the capability to authorize key service operations performed by accounts. The on-duty service authorization class accounts comprise an on-duty shift manager and on-duty operators, both of which have authorization capability; being on duty does not affect their authority to execute services normally. The service authorization class account has a shift handover characteristic: the previous authorized shift manager designates the next authorized shift manager and the next authorized on-duty operators.
The login box of the power monitoring system gains the authorization application function by loading a login authorization plug-in, and the login authorization plug-in judges whether the entered account needs to go through a login authorization application. A user-defined key service operation gains the operation authorization application function by loading an operation authorization plug-in, and the operation authorization plug-in performs the operation authorization application according to the information of the key operation.
The specific method by which the service authorization class account performs authorization approval comprises the following steps:
step 1, when the system has just started, the first service authorization class account to log in to the system directly obtains the authorization capability and becomes the first on-duty shift manager, and this account designates N service authorization class accounts as on-duty operators;
step 2, after the on-duty shift manager or an on-duty operator receives an approval interface pushed by the authorization approval service, performing manual authorization confirmation;
step 3, after the on-duty shift manager receives the shift handover interface pushed by the authorization approval service, the on-duty shift manager designates the next on-duty shift manager and the next on-duty operators; if the on-duty shift manager does not designate them or the designation fails, the authorization capabilities of the current shift manager and on-duty operators are not revoked; if the designation succeeds, the authorization approval service formally grants the authorization capability to the next shift manager and the next on-duty operators, and revokes the authorization capability of the previous shift manager and the previous on-duty operators;
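The bootstrap rule of step 1 and the handover rule of step 3 above, as an added Python sketch that is not part of the patent. All names and sample accounts are assumptions, and treating a designee outside the service authorization class as a failed designation is also an assumption, since the description does not say what makes a designation fail.

```python
class DutyRoster:
    """Tracks which service authorization class accounts hold authorization capability."""

    def __init__(self, authorization_accounts):
        # Only service authorization class accounts may ever be on duty.
        self.authorization_accounts = set(authorization_accounts)
        self.manager = None       # on-duty shift manager
        self.operators = set()    # on-duty operators
        self.log = []             # (event, detail) tuples for the audit trail

    def can_approve(self, account):
        return account is not None and (
            account == self.manager or account in self.operators
        )

    def _valid(self, manager, operators):
        return (
            manager in self.authorization_accounts
            and set(operators) <= self.authorization_accounts
        )

    def first_login(self, account, operators):
        """Step 1: the first service authorization class account to log in
        becomes the first shift manager and designates the operators."""
        if self.manager is not None or not self._valid(account, operators):
            return False
        self.manager, self.operators = account, set(operators)
        self.log.append(("bootstrap", account))
        return True

    def _fail(self, reason):
        # A failed handover changes nothing: the current shift keeps its
        # capability, so the system is never left without an approver.
        self.log.append(("handover_failed", reason))
        return False

    def hand_over(self, requested_by, identity_verified,
                  next_manager=None, next_operators=()):
        """Step 3: grant the next shift its capability, then revoke the previous shift's."""
        if requested_by != self.manager or not identity_verified:
            return self._fail("identity verification failed")
        if next_manager is None or not self._valid(next_manager, next_operators):
            return self._fail("designation missing or invalid")
        previous = {self.manager} | self.operators
        # Grant and revoke happen in one assignment, so there is no moment
        # at which both shifts, or neither shift, can approve.
        self.manager, self.operators = next_manager, set(next_operators)
        revoked = previous - ({self.manager} | self.operators)
        self.log.append(("handover", sorted(revoked)))
        return True


# Constructed sample accounts, not taken from the patent.
SAMPLE_AUTH_ACCOUNTS = {"auth_a", "auth_b", "auth_c", "auth_d"}

if __name__ == "__main__":
    roster = DutyRoster(SAMPLE_AUTH_ACCOUNTS)
    roster.first_login("auth_a", ["auth_b"])
    print(roster.hand_over("auth_a", True, "auth_c", ["auth_d"]), roster.log)
```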
the specific method for the login authorization application of an abnormal account comprises the following steps:
step 1, a user logs in to an account using the login framework; after identity authentication succeeds, the login framework loads the login authorization plug-in, and the login authorization plug-in judges whether the account has abnormal behaviors, wherein the abnormal behaviors comprise: the user being locked after multiple login failures, the user being dormant after not logging in for a long time, the user being unauthorized, abnormal user login time and the like; if not, jump to step 5;
step 2, pop up a login authorization application interface, obtain the list of on-duty authorization accounts, and display the on-duty authorization accounts and their corresponding login nodes on the interface;
step 3, the user selects an on-duty authorization account and sends a login authorization application message, which contains information such as the account to be logged in and the login node, and waits for the authorization application result; if the login authorization application succeeds, jump to step 5; if the login authorization application fails, jump to step 4;
step 4, the user login fails and an error code is returned;
step 5, the user login succeeds and the method returns;
the specific method for authorizing a service key operation comprises the following steps:
step 1, when an online account performs a service key operation, if the operation is not in the user-defined key operation list, jump to step 5;
step 2, judge whether the current service key operation is within the sliding window; if so, jump to step 5;
step 3, pop up an operation authorization application interface, and list the currently on-duty authorization accounts and the nodes where they are located on the interface;
step 4, the user selects an on-duty authorization account and sends an operation authorization application message, which contains information such as the operating online account, the operating node, the operation time and the operation content, and waits for the authorization application result; if the operation authorization application succeeds, jump to step 5; if the login authorization application fails, jump to step 6;
step 5, allow the operation to be executed and return the operation result;
step 6, do not allow the operation to be executed, and return an error code.
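The login and key-operation flows above, combined with the applicant-exclusion rule stated in claim 2, as an added Python sketch (not code from the patent or its applicant). The class, flag and callback names, the error-code values and the 300-second window measured from the last approval are assumptions; `choose` and `approve` stand in for the application interface and the manual approval.

```python
from dataclasses import dataclass, field

# Constructed values: the page only says that "an error code" is returned.
OK, ERR_LOGIN_DENIED, ERR_OPERATION_DENIED = 0, 1, 2
# Hypothetical flag names for the abnormal behaviours the page lists.
ABNORMAL = {"locked_after_failures", "dormant", "unauthorized", "abnormal_login_time"}


@dataclass
class AuthorizationGate:
    key_operations: set            # user-defined key operation list
    on_duty: dict                  # on-duty authorization account -> node
    window_seconds: float = 300.0  # assumed length of the authorized window
    approved_at: dict = field(default_factory=dict)
    history: list = field(default_factory=list)  # stands in for the history database

    def candidates(self, applicant):
        """Accounts listed on the application interface (claim 2, steps 5 to 7)."""
        shown = dict(self.on_duty)
        if len(shown) > 1:
            shown.pop(applicant, None)  # an applicant cannot pick itself
        return shown  # as claimed, a sole on-duty account is listed unchanged

    def _apply(self, kind, account, content, node, now, choose, approve):
        """Send one application, wait for the manual decision, record it."""
        shown = self.candidates(account)
        approver = choose(shown) if shown else None
        request = {"type": kind, "account": account, "content": content, "node": node, "time": now}
        # Fail closed: nobody on duty, or a choice outside the list, is a denial.
        granted = approver in shown and bool(approve(approver, request))
        self.history.append({**request, "approver": approver, "granted": granted})
        return granted

    def login(self, account, flags, node, now, choose, approve):
        """Login flow, steps 1 to 5: only abnormal accounts need approval."""
        abnormal = sorted(set(flags) & ABNORMAL)
        if not abnormal:
            return True, OK
        if self._apply("login", account, abnormal, node, now, choose, approve):
            return True, OK
        return False, ERR_LOGIN_DENIED

    def operate(self, account, operation, node, now, choose, approve):
        """Key-operation flow, steps 1 to 6."""
        if operation not in self.key_operations:
            return True, OK                      # step 1: not a key operation
        last = self.approved_at.get((account, operation))
        if last is not None and 0 <= now - last < self.window_seconds:
            return True, OK                      # step 2: inside the window
        if self._apply("operation", account, operation, node, now, choose, approve):
            self.approved_at[(account, operation)] = now
            return True, OK                      # step 5
        return False, ERR_OPERATION_DENIED       # step 6


def demo():
    """Constructed scenario: two authorizers on duty, one key operation."""
    gate = AuthorizationGate({"remote_trip"}, {"chief": "node-1", "op_a": "node-2"})
    pick_first = lambda shown: sorted(shown)[0]   # stands in for the user's choice
    approve = lambda approver, request: True      # stands in for manual approval
    deny = lambda approver, request: False
    return [
        gate.operate("op_b", "view_trend", "node-3", 0, pick_first, deny),
        gate.operate("op_b", "remote_trip", "node-3", 0, pick_first, deny),
        gate.operate("op_b", "remote_trip", "node-3", 10, pick_first, approve),
        gate.operate("op_b", "remote_trip", "node-3", 100, pick_first, deny),
        gate.login("chief", ["dormant"], "node-1", 120, pick_first, approve),
    ]
```

With a single account on duty, `candidates` returns that account even when it is the applicant, which is what the claimed steps prescribe; a deployment that needs two-person control has to keep at least two authorizers on duty.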
Example 3
This embodiment provides a method for authority security control in a power monitoring system, in which the accounts of the system are divided, according to minimum permission configuration, into a system management class, a service authorization class, a service operation and maintenance class and a service browsing class, and authorization applications are approved by service authorization accounts;
the method for approving an authorization application by a service authorization account is applied to an authorization approval unit and comprises the following steps:
receiving authorization application information sent by an authorization application plug-in, parsing the authorization application content, and pushing it to the on-duty service authorization account, wherein the on-duty service authorization account matches an authorization approval result according to a predetermined matching rule; the authorization application plug-in is used for receiving the authorization application information sent by a service program, selecting an on-duty service authorization account according to a predetermined matching rule, and sending the authorization application information to the authorization approval unit;
and returning the authorization approval result to the authorization application plug-in, wherein the authorization application plug-in receives the authorization approval result sent by the authorization approval unit and feeds it back to the service program as a return value, and the service program executes the corresponding service logic according to the return value.
Example 4
This embodiment provides a device for authority security control in a power monitoring system, applied to an authorization application plug-in and comprising:
an on-duty service authorization account selection unit, used for receiving authorization application information sent by a service program and selecting an on-duty service authorization account according to a predetermined matching rule;
an authorization application information sending unit, used for sending the authorization application information to the authorization approval unit; the authorization approval unit receives the authorization application information, parses the authorization application content, and pushes it to the on-duty service authorization account, and the on-duty service authorization account matches an authorization approval result according to a predetermined matching rule and returns the authorization approval result to the authorization application plug-in;
and an authorization approval result receiving and feedback unit, used for receiving the authorization approval result sent by the authorization approval unit and feeding it back to the service program as a return value, wherein the service program executes the corresponding service logic according to the return value.
The above description is only a preferred embodiment of the present invention. It should be noted that those skilled in the art can make various improvements and modifications without departing from the technical principle of the present invention, and such improvements and modifications should also be regarded as falling within the protection scope of the present invention.

Claims (10)

1. A method for authority security control in a power monitoring system, characterized in that the accounts of the system are divided, according to minimum permission configuration, into a system management class, a service authorization class, a service operation and maintenance class and a service browsing class, and authorization applications are approved by service authorization accounts;
the method for approving an authorization application by a service authorization account is applied to an authorization application plug-in and comprises the following steps:
receiving authorization application information sent by a service program, and selecting an on-duty service authorization account according to a predetermined matching rule;
sending the authorization application information to an authorization approval unit; the authorization approval unit receives the authorization application information, parses the authorization application content, and pushes it to the on-duty service authorization account, and the on-duty service authorization account matches an authorization approval result according to a predetermined matching rule and returns the authorization approval result to the authorization application plug-in;
and receiving the authorization approval result sent by the authorization approval unit, and feeding it back to the service program as a return value, wherein the service program executes the corresponding service logic according to the return value.
2. The method for authority security control in the power monitoring system according to claim 1, wherein receiving the authorization application information sent by the service program and selecting an on-duty service authorization account according to the predetermined matching rule comprises:
step 1: receiving the authorization application information sent by the service program, wherein the authorization application information comprises: the account name of the authorization application, the authorization application content and the authorization application type; judging whether the authorization application type is a login authorization application or an operation authorization application; if it is a login authorization application, jump to step 2, and if it is an operation authorization application, jump to step 3;
step 2: judging whether the account has abnormal behaviors, and if so, jump to step 4;
step 3: judging whether the operation type is in the user-defined key operation list; if so, judging whether the operation type is within an authorized window period, and if not, jump to step 4;
step 4: obtaining the list of on-duty authorization accounts from the permission real-time database;
step 5: judging whether the number of on-duty authorization accounts is greater than 1; if not, jump to step 7;
step 6: judging whether the account name of the authorization application is in the list of on-duty authorization accounts; if so, removing the applying account from the obtained list, displaying the remaining on-duty authorization accounts on the authorization application interface, and jump to step 8;
step 7: displaying the list of on-duty authorization accounts on the authorization application interface;
step 8: the authorization application account responds to a manual selection signal on the authorization application interface and selects an on-duty service authorization account.
3. The method for authority security control in the power monitoring system according to claim 2, wherein the information in the list of on-duty authorization accounts comprises one or more of: the user name, presence status and presence node of each on-duty authorization account.
4. The method for authority security control in the power monitoring system according to claim 2, wherein the abnormal behaviors comprise: the user being locked after login failures, the user being dormant after not logging in for a long time, the user being unauthorized, and abnormal user login time.
5. The method for authority security control in the power monitoring system according to claim 1, wherein the authorization approval unit receiving the authorization application information, parsing the authorization application content, and pushing it to the on-duty service authorization account, and the on-duty service authorization account matching the authorization approval result according to the predetermined matching rule and returning it to the authorization application plug-in, comprises:
step 1: receiving the authorization application information and obtaining the application type from it; if it is a login authorization application, obtaining the authorization application account, the abnormal behaviors, the authorization application node and the authorization application time from the authorization application information; if it is an operation authorization application, obtaining the authorization application account, the authorization application operation content, the authorization application node and the authorization application time from the authorization application message;
step 2: pushing an authorization approval interface to the monitoring screen of the on-duty service authorization account, and displaying the parsed authorization application content on the interface;
step 3: the on-duty service authorization account performs a manual review, writes the review result into the history database, and sends the review result to the authorization application plug-in.
6. The method for authority security control in the power monitoring system according to claim 5, wherein the on-duty service authorization accounts comprise the on-duty shift manager and the on-duty operators, which have the authorization capability during their duty period, without this affecting their permission to perform normal services as users.
7. The method for authority security control in the power monitoring system according to claim 5, wherein the first service authorization account to log in to the system directly obtains the authorization capability of this class of account and serves as the first duty shift manager, and that service authorization account designates N authorization accounts as duty operators.
8. The method for authority security control in the power monitoring system according to claim 7, wherein, when the authorization approval unit receives the authorization application information, the method further comprises the following steps:
step 1: judging whether this node has received an authorization application message; if not, jump to step 2;
step 2: judging whether the on-duty shift manager is at this node; if not, jump to step 1;
step 3: judging whether the shift handover time has been reached; if not, jump to step 1;
step 4: pushing a shift handover interface to the on-duty shift manager and performing identity verification; if verification fails, the handover fails;
step 5: the on-duty shift manager designates the next duty shift manager and the next batch of duty operators on the shift handover interface, and they are granted the authorization capability;
step 6: revoking the authorization capability of the previous duty shift manager and the previous batch of duty operators, whereupon the handover succeeds.
9. A method for authority security control in a power monitoring system, characterized in that the accounts of the system are divided, according to minimum permission configuration, into a system management class, a service authorization class, a service operation and maintenance class and a service browsing class, and authorization applications are approved by service authorization accounts;
the method for approving an authorization application by a service authorization account is applied to an authorization approval unit and comprises the following steps:
receiving authorization application information sent by an authorization application plug-in, parsing the authorization application content, and pushing it to the on-duty service authorization account, wherein the on-duty service authorization account matches an authorization approval result according to a predetermined matching rule; the authorization application plug-in is used for receiving the authorization application information sent by a service program, selecting an on-duty service authorization account according to a predetermined matching rule, and sending the authorization application information to the authorization approval unit;
and returning the authorization approval result to the authorization application plug-in, wherein the authorization application plug-in receives the authorization approval result sent by the authorization approval unit and feeds it back to the service program as a return value, and the service program executes the corresponding service logic according to the return value.
10. A device for authority security control in a power monitoring system, characterized in that it is applied to an authorization application plug-in and comprises:
an on-duty service authorization account selection unit, used for receiving authorization application information sent by a service program and selecting an on-duty service authorization account according to a predetermined matching rule;
an authorization application information sending unit, used for sending the authorization application information to the authorization approval unit; the authorization approval unit receives the authorization application information, parses the authorization application content, and pushes it to the on-duty service authorization account, and the on-duty service authorization account matches an authorization approval result according to a predetermined matching rule and returns the authorization approval result to the authorization application plug-in;
and an authorization approval result receiving and feedback unit, used for receiving the authorization approval result sent by the authorization approval unit and feeding it back to the service program as a return value, wherein the service program executes the corresponding service logic according to the return value.
CN202210528843.3A 2022-05-16 2022-05-16 Method and device for authority safety control in power monitoring system Pending CN115270108A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210528843.3A CN115270108A (en) 2022-05-16 2022-05-16 Method and device for authority safety control in power monitoring system

Publications (1)

Publication Number Publication Date
CN115270108A true CN115270108A (en) 2022-11-01

Family

ID=83759115

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210528843.3A Pending CN115270108A (en) 2022-05-16 2022-05-16 Method and device for authority safety control in power monitoring system

Country Status (1)

Country Link
CN (1) CN115270108A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination