CN116821879B - Visual system role management system - Google Patents

Visual system role management system Download PDF

Info

Publication number
CN116821879B
CN116821879B CN202311115511.3A CN202311115511A CN116821879B CN 116821879 B CN116821879 B CN 116821879B CN 202311115511 A CN202311115511 A CN 202311115511A CN 116821879 B CN116821879 B CN 116821879B
Authority
CN
China
Prior art keywords
role
character
digit
authority
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311115511.3A
Other languages
Chinese (zh)
Other versions
CN116821879A (en
Inventor
严松
孙晓宇
刘利科
黄奎
陈俊林
何超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jixian Information Technology Co ltd
Original Assignee
Beijing Jixian Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jixian Information Technology Co ltd filed Critical Beijing Jixian Information Technology Co ltd
Priority to CN202311115511.3A priority Critical patent/CN116821879B/en
Publication of CN116821879A publication Critical patent/CN116821879A/en
Application granted granted Critical
Publication of CN116821879B publication Critical patent/CN116821879B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a visual system role management system, which belongs to the technical field of data processing and comprises a role information acquisition unit, a role verification unit, a role authority matching unit and a role access unit; the role information acquisition unit is used for acquiring a role ID number of a user; the role verification unit is used for verifying the role ID number of the user; the role authority matching unit is used for matching the corresponding authorities for the checked role ID numbers, and the role access unit is used for accessing the system according to the matched authorities and visually displaying the accessed information. The role management system can perform role verification on the ID number of the access enterprise system, so that only the user passing verification can access the enterprise system; aiming at the authenticated user, the role management system also matches the authority of the user, ensures that the user only operates within the permission when accessing the system, and ensures the security of the whole system.

Description

Visual system role management system
Technical Field
The invention belongs to the technical field of data processing, and particularly relates to a visual system role management system.
Background
Information security is one of the important problems to be considered when enterprises deploy various management systems, in order to enable each user to have reasonable system authority, system functions are used in the authority range, and various different solutions are adopted by the enterprise management systems on the market at present. However, the existing management system usually adopts the management authority of the human verification system role, which can bring about extremely large workload.
Disclosure of Invention
In order to solve the problems, the invention provides a visual system role management system.
The technical scheme of the invention is as follows: a visual system role management system comprises a role information acquisition unit, a role verification unit, a role authority matching unit and a role access unit;
the role information acquisition unit is used for acquiring a role ID number of a user;
the role verification unit is used for verifying the role ID number of the user;
the role authority matching unit is used for matching corresponding authorities for the role ID numbers passing the verification;
the role access unit is used for accessing the system according to the matched authority and visually displaying the accessed information.
Further, the character verification unit verifying the character ID number of the user includes the steps of:
extracting the number of the character ID number to generate a character number sequence;
uniformly splitting a character number sequence into a plurality of character number subsequences, and extracting a first digit and a last digit of each character number subsequence to form a character number set;
calculating a role verification threshold according to the role number set;
constructing a role checking function;
and inputting the character digital subsequences into the character checking function to generate a character checking value, if the character checking value is greater than or equal to a character checking threshold value, checking passing, otherwise, checking failing.
The beneficial effects of the above-mentioned further scheme are: in the invention, the system will be provided with the character ID numbers for each user, and the ID numbers are generally composed of a plurality of numbers, so that the verification of the character ID numbers by the invention can be understood as the verification of the numbers. When checking the character ID number, the character ID number is split into a plurality of digital subsequences, and the character checking threshold value is determined by the head and tail numbers of the digital subsequences, so that each digital subsequence can be accurately positioned. And performing role verification operation on each digit of the character ID number, and comparing the operation result with a role verification threshold value to determine that verification passes.
Further, the calculation formula of the role verification threshold alpha is as follows:
the method comprises the steps of carrying out a first treatment on the surface of the Wherein, c m0 The first digit, c, representing the m-th character digit subsequence m1 The last digit, c, representing the m-th character digit subsequence (m-1)0 The first digit, c, representing the m-1 character digit subsequence (m-1)1 The last digit of the M-1 character digit subsequence is represented, and M represents the number of character digit subsequences.
Further, the expression of the role check function Z is:
the method comprises the steps of carrying out a first treatment on the surface of the Wherein M represents the number of character digit subsequences, N represents the number of digits of the character digit subsequences, d mn Representing the nth digit in the nth character digit subsequence, d m (n-1) Represents the n-1 th digit in the m-th character digit subsequence, d m (n-2) Represents the n-2 th digit in the m-th character digit subsequence, d m (n-3) Representing the n-3 number in the m-th character number subsequence, log (·) represents a logarithmic function.
Further, the role authority matching unit matching authority includes the steps of:
preprocessing the character ID number passing the verification to generate a standard character ID number;
acquiring a request report corresponding to the standard role ID number, and acquiring a data field in the request report;
acquiring request parameters of a request report;
generating request authority weight of a standard role ID number according to the data field and the request parameters of the request report;
and matching corresponding rights according to the request rights weight of the standard role ID number.
The beneficial effects of the above-mentioned further scheme are: in the present invention, the data fields are built-in variable expressions related to various report elements, which can be used directly and generate specific values at run-time. When the rights are matched, the value of the rights requesting weight can be determined to be 1 or 0 by acquiring the report type, the data field, the request parameters and other related information of the request report and performing operation. When the value of the request authority weight is 1, the authority of the user is higher, and the operations such as accessing, modifying, storing and changing the password can be performed; when the request authority weight of the standard role ID number is 0, the authority of the user is lower, and only access operation can be performed.
Further, the method for generating the standard role ID number specifically comprises the following steps: and converting the character ID number passing verification into binary data to generate a standard character ID number.
Further, the request parameters of the request report include the request duration and report type.
Further, the calculation formula of the request authority weight gamma of the standard role ID number is as follows:
,/>
wherein θ represents the tag value of the standard role ID number, T represents the request time length, f (·) represents the variable expression corresponding to the data field, G represents the binary data number corresponding to the standard role ID number, l g The value of the g-th binary data in the standard character ID number is represented, epsilon represents the minimum number, and sigma represents the 0-1 variable corresponding to the request type.
Further, the specific method for matching the corresponding rights according to the request rights weight of the standard role ID number is as follows: if the request authority weight of the standard role ID number is 1, the access authority of the user comprises access authority, modification authority, storage authority and password changing authority; if the request authority weight of the standard role ID number is 0, the access authority of the user comprises the access authority.
The beneficial effects of the above-mentioned further scheme are: in the invention, the access authority indicates that the user can check the enterprise system through the character ID number passing through the verification, the modification authority indicates that the user can modify the information of the enterprise system through the character ID number passing through the verification, the preservation authority indicates that the user can modify the information of the enterprise system through the character ID number passing through the verification and then carry out the preservation operation, and the password modification authority indicates that the user can modify the personal ID number password through the character ID number passing through the verification so as to better protect the private ID number information.
The beneficial effects of the invention are as follows: the role management system can perform role verification on the ID number of the access enterprise system, so that only the user passing verification can access the enterprise system; aiming at the authenticated user, the role management system also matches the authority of the user, ensures that the user only operates within the permission when accessing the system, and ensures the security of the whole system.
Drawings
Fig. 1 is a schematic diagram of a system role management system in a visual manner.
Detailed Description
Embodiments of the present invention are further described below with reference to the accompanying drawings.
As shown in fig. 1, the present invention provides a visual system role management system, which comprises a role information acquisition unit, a role verification unit, a role authority matching unit and a role access unit;
the role information acquisition unit is used for acquiring a role ID number of a user;
the role verification unit is used for verifying the role ID number of the user;
the role authority matching unit is used for matching corresponding authorities for the role ID numbers passing the verification;
the role access unit is used for accessing the system according to the matched authority and visually displaying the accessed information.
In the embodiment of the present invention, the role verification unit verifies the role ID number of the user, including the steps of:
extracting the number of the character ID number to generate a character number sequence;
uniformly splitting a character number sequence into a plurality of character number subsequences, and extracting a first digit and a last digit of each character number subsequence to form a character number set;
calculating a role verification threshold according to the role number set;
constructing a role checking function;
and inputting the character digital subsequences into the character checking function to generate a character checking value, if the character checking value is greater than or equal to a character checking threshold value, checking passing, otherwise, checking failing.
In the invention, the system will be provided with the character ID numbers for each user, and the ID numbers are generally composed of a plurality of numbers, so that the verification of the character ID numbers by the invention can be understood as the verification of the numbers. When checking the character ID number, the character ID number is split into a plurality of digital subsequences, and the character checking threshold value is determined by the head and tail numbers of the digital subsequences, so that each digital subsequence can be accurately positioned. And performing role verification operation on each digit of the character ID number, and comparing the operation result with a role verification threshold value to determine that verification passes.
In the embodiment of the invention, the calculation formula of the role verification threshold alpha is as follows:
the method comprises the steps of carrying out a first treatment on the surface of the Wherein, c m0 The first digit, c, representing the m-th character digit subsequence m1 The last digit, c, representing the m-th character digit subsequence (m-1)0 The first digit, c, representing the m-1 character digit subsequence (m-1)1 The last digit of the M-1 character digit subsequence is represented, and M represents the number of character digit subsequences.
In the embodiment of the invention, the expression of the role verification function Z is as follows:
the method comprises the steps of carrying out a first treatment on the surface of the Wherein M represents a character number sub-sequenceThe number of columns, N, represents the number of digits of the character digit subsequence, d mn Representing the nth digit in the nth character digit subsequence, d m (n-1) Represents the n-1 th digit in the m-th character digit subsequence, d m (n-2) Represents the n-2 th digit in the m-th character digit subsequence, d m (n-3) Representing the n-3 number in the m-th character number subsequence, log (·) represents a logarithmic function.
Since the character number subsequence is obtained by equally dividing the character number sequence, the number of digits of each character number subsequence is the same.
In the embodiment of the invention, the role authority matching unit matching authority comprises the following steps:
preprocessing the character ID number passing the verification to generate a standard character ID number;
acquiring a request report corresponding to the standard role ID number, and acquiring a data field in the request report;
acquiring request parameters of a request report;
generating request authority weight of a standard role ID number according to the data field and the request parameters of the request report;
and matching corresponding rights according to the request rights weight of the standard role ID number.
In the present invention, the data fields are built-in variable expressions related to various report elements, which can be used directly and generate specific values at run-time. When the rights are matched, the value of the rights requesting weight can be determined to be 1 or 0 by acquiring the report type, the data field, the request parameters and other related information of the request report and performing operation. When the value of the request authority weight is 1, the authority of the user is higher, and the operations such as accessing, modifying, storing and changing the password can be performed; when the request authority weight of the standard role ID number is 0, the authority of the user is lower, and only access operation can be performed.
In the embodiment of the invention, the generation method of the standard role ID number specifically comprises the following steps: and converting the character ID number passing verification into binary data to generate a standard character ID number.
In the embodiment of the invention, the request parameters of the request report include the request time length and the report type.
In the embodiment of the invention, the calculation formula of the request authority weight gamma of the standard role ID number is as follows:
,/>the method comprises the steps of carrying out a first treatment on the surface of the Wherein θ represents the tag value of the standard role ID number, T represents the request time length, f (·) represents the variable expression corresponding to the data field, G represents the binary data number corresponding to the standard role ID number, l g The value of the g-th binary data in the standard character ID number is represented, epsilon represents the minimum number, and sigma represents the 0-1 variable corresponding to the request type.
l g =1 or 0. If the request report type is boolean, σ=0, and σ=1 corresponding to the request report of the rest types. The value of the boolean report has only two possibilities, namely true or false, and the value range is fixed, so that the boolean report has less influence on the request authority weight, and the corresponding variable sigma=0.
In the embodiment of the invention, the specific method for matching the corresponding rights according to the request rights weight of the standard role ID number is as follows: if the request authority weight of the standard role ID number is 1, the access authority of the user comprises access authority, modification authority, storage authority and password changing authority; if the request authority weight of the standard role ID number is 0, the access authority of the user comprises the access authority.
In the invention, the access authority indicates that the user can check the enterprise system through the character ID number passing through the verification, the modification authority indicates that the user can modify the information of the enterprise system through the character ID number passing through the verification, the preservation authority indicates that the user can modify the information of the enterprise system through the character ID number passing through the verification and then carry out the preservation operation, and the password modification authority indicates that the user can modify the personal ID number password through the character ID number passing through the verification so as to better protect the private ID number information.
Those of ordinary skill in the art will recognize that the embodiments described herein are for the purpose of aiding the reader in understanding the principles of the present invention and should be understood that the scope of the invention is not limited to such specific statements and embodiments. Those of ordinary skill in the art can make various other specific modifications and combinations from the teachings of the present disclosure without departing from the spirit thereof, and such modifications and combinations remain within the scope of the present disclosure.

Claims (3)

1. The visualized system role management system is characterized by comprising a role information acquisition unit, a role verification unit, a role authority matching unit and a role access unit;
the role information acquisition unit is used for acquiring a role ID number of a user;
the role verification unit is used for verifying the role ID number of the user;
the role authority matching unit is used for matching corresponding authorities for the role ID numbers passing the verification;
the role access unit is used for accessing the system according to the matched authority and visually displaying the accessed information;
the character verification unit verifies the character ID number of the user, including the steps of:
extracting the number of the character ID number to generate a character number sequence;
uniformly splitting a character number sequence into a plurality of character number subsequences, and extracting a first digit and a last digit of each character number subsequence to form a character number set;
calculating a role verification threshold according to the role number set;
constructing a role checking function;
inputting a plurality of character digital subsequences into a character checking function to generate a character checking value, if the character checking value is greater than or equal to a character checking threshold value, checking passing, otherwise, checking failing;
the calculation formula of the role verification threshold alpha is as follows:
the method comprises the steps of carrying out a first treatment on the surface of the Wherein, c m0 The first digit, c, representing the m-th character digit subsequence m1 The last digit, c, representing the m-th character digit subsequence (m-1)0 The first digit, c, representing the m-1 character digit subsequence (m-1)1 The last digit of the M-1 character digit subsequence is represented, and M represents the number of character digit subsequences;
the expression of the role verification function Z is as follows:
the method comprises the steps of carrying out a first treatment on the surface of the Wherein M represents the number of character digit subsequences, N represents the number of digits of the character digit subsequences, d mn Representing the nth digit in the nth character digit subsequence, d m (n-1) Represents the n-1 th digit in the m-th character digit subsequence, d m (n-2) Represents the n-2 th digit in the m-th character digit subsequence, d m (n-3) Representing the n-3 number in the m-th role number subsequence, log (·) representing a logarithmic function;
the role authority matching unit matching authority includes the following steps:
preprocessing the character ID number passing the verification to generate a standard character ID number;
acquiring a request report corresponding to the standard role ID number, and acquiring a data field in the request report;
acquiring request parameters of a request report;
generating request authority weight of a standard role ID number according to the data field and the request parameters of the request report;
matching corresponding rights according to the request rights weight of the standard role ID number;
the calculation formula of the request authority weight gamma of the standard role ID number is as follows:
,/>the method comprises the steps of carrying out a first treatment on the surface of the Wherein θ represents the tag value of the standard role ID number, T represents the request time length, f (·) represents the variable expression corresponding to the data field, G represents the binary data number corresponding to the standard role ID number, l g The value of the g binary data in the standard role ID number is represented, epsilon represents the minimum number, and sigma represents the 0-1 variable corresponding to the request type;
the specific method for matching the corresponding rights according to the request rights weight of the standard role ID number comprises the following steps: if the request authority weight of the standard role ID number is 1, the access authority of the user comprises access authority, modification authority, storage authority and password changing authority; if the request authority weight of the standard role ID number is 0, the access authority of the user comprises the access authority.
2. The visualized system role management system of claim 1, wherein the method for generating the standard role ID number specifically comprises: and converting the character ID number passing verification into binary data to generate a standard character ID number.
3. The visual system of claim 1, wherein the request parameters of the request report include a request duration and a report type.
CN202311115511.3A 2023-08-31 2023-08-31 Visual system role management system Active CN116821879B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311115511.3A CN116821879B (en) 2023-08-31 2023-08-31 Visual system role management system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311115511.3A CN116821879B (en) 2023-08-31 2023-08-31 Visual system role management system

Publications (2)

Publication Number Publication Date
CN116821879A CN116821879A (en) 2023-09-29
CN116821879B true CN116821879B (en) 2023-11-07

Family

ID=88141422

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311115511.3A Active CN116821879B (en) 2023-08-31 2023-08-31 Visual system role management system

Country Status (1)

Country Link
CN (1) CN116821879B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103281259A (en) * 2013-05-20 2013-09-04 中国科学院信息工程研究所 Inter-domain access control method based on dynamic self regulation
CN109495514A (en) * 2018-12-29 2019-03-19 南方电网科学研究院有限责任公司 Role access control system and method based on edge terminal
CN109598117A (en) * 2018-10-24 2019-04-09 平安科技(深圳)有限公司 Right management method, device, electronic equipment and storage medium
CN110222524A (en) * 2019-05-07 2019-09-10 深圳壹账通智能科技有限公司 The authorization check method, apparatus and terminal device of uniform resource locator request
CN112774200A (en) * 2021-01-22 2021-05-11 北京字跳网络技术有限公司 Role interaction control method and device, computer equipment and storage medium
CN114360114A (en) * 2022-03-14 2022-04-15 云丁网络技术(北京)有限公司 User authority management method and system
CN116484425A (en) * 2023-04-24 2023-07-25 长春嘉诚信息技术股份有限公司 Authority management method based on information system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101572603B (en) * 2008-04-30 2012-05-30 国际商业机器公司 System and method for unified access control for composition service in distributed environment
US9280566B2 (en) * 2012-11-02 2016-03-08 Ca, Inc. System and method for visual role engineering
US20220345460A1 (en) * 2019-09-30 2022-10-27 Equifax Inc. Third-party access-control support using role history analysis

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103281259A (en) * 2013-05-20 2013-09-04 中国科学院信息工程研究所 Inter-domain access control method based on dynamic self regulation
CN109598117A (en) * 2018-10-24 2019-04-09 平安科技(深圳)有限公司 Right management method, device, electronic equipment and storage medium
CN109495514A (en) * 2018-12-29 2019-03-19 南方电网科学研究院有限责任公司 Role access control system and method based on edge terminal
CN110222524A (en) * 2019-05-07 2019-09-10 深圳壹账通智能科技有限公司 The authorization check method, apparatus and terminal device of uniform resource locator request
CN112774200A (en) * 2021-01-22 2021-05-11 北京字跳网络技术有限公司 Role interaction control method and device, computer equipment and storage medium
CN114360114A (en) * 2022-03-14 2022-04-15 云丁网络技术(北京)有限公司 User authority management method and system
CN116484425A (en) * 2023-04-24 2023-07-25 长春嘉诚信息技术股份有限公司 Authority management method based on information system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
云计算环境下基于信任的访问控制研究;倪菁 等;信息通信(第10期);全文 *

Also Published As

Publication number Publication date
CN116821879A (en) 2023-09-29

Similar Documents

Publication Publication Date Title
US20090044282A1 (en) System and Method for Generating and Displaying a Keyboard Comprising a Random Layout of Keys
KR20110081177A (en) Detection of confidential information
US11899816B2 (en) Batch tokenization service
CN113364753B (en) Anti-crawler method and device, electronic equipment and computer readable storage medium
US8904176B2 (en) Protecting the information encoded in a bloom filter using encoded bits of data
CN112637108B (en) Internal threat analysis method and system based on anomaly detection and emotion analysis
CN112738080B (en) Administrative data transmission encryption method and terminal equipment
US20240232422A1 (en) De-Tokenization Patterns And Solutions
EP3591561A1 (en) An anonymized data processing method and computer programs thereof
CN107977504B (en) Asymmetric reactor core fuel management calculation method and device and terminal equipment
CN117574403A (en) Photovoltaic embedded system access control method and system based on trusted computing
CN109446053A (en) Test method, computer readable storage medium and the terminal of application program
CN116821879B (en) Visual system role management system
CN113378167A (en) Malicious software detection method based on improved naive Bayes algorithm and gated loop unit mixing
CN113064972A (en) Intelligent question and answer method, device, equipment and storage medium
CN110019374B (en) Feature-based data item processing method and device, storage medium and computer equipment
US11853431B2 (en) Use of word embeddings to locate sensitive text in computer programming scripts
CN117094033B (en) Security destruction evaluation system and method based on key data sensitivity
CN117278343B (en) Data multi-level output processing method based on big data platform data
CN116611057B (en) Data security detection method and system thereof
US20230161877A1 (en) Efficient integrity monitoring of processing operations with multiple memory arrays
Liao et al. Verifiable Deep Learning Inference on Heterogeneous Edge Devices with Trusted Execution Environment
CN118297076A (en) Operation ticket checking method, device, computer equipment and storage medium
CN115470486A (en) Imaging detection method, device and system for malicious codes
WO2023228188A1 (en) A sensitive variable identifying system and method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant