CN117272397B - Role authority modification method of RBAC based on file design - Google Patents


Info

Publication number
CN117272397B
Authority
CN
China
Prior art keywords
role
file
sets
authority
function
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311563742.0A
Other languages
Chinese (zh)
Other versions
CN117272397A (en)
Inventor
梅仪国
巩勋
陈力行
吴建强
朱闻江
张德
王燕
戢茜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huaxin Consulting Co Ltd
Original Assignee
Huaxin Consulting Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huaxin Consulting Co Ltd
Priority to CN202311563742.0A
Publication of CN117272397A
Application granted
Publication of CN117272397B
Legal status: Active
Anticipated expiration


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/11 File system administration, e.g. details of archiving or snapshots
    • G06F16/122 File system administration, e.g. details of archiving or snapshots using management policies
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/16 File or folder operations, e.g. details of user interfaces specifically adapted to file systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention provides a role authority modification method of RBAC based on file design, which comprises the following steps: S1, constructing a dynamic file and a static file, and recording the modification time of the dynamic file and the modification time of the static file, wherein the dynamic file is a modification file for adding, deleting or modifying roles, and the static file is an existing file containing the roles and the rights of the roles; S2, when a role accesses, judging whether the recorded time of the dynamic file is consistent with the recorded time of the static file; if so, proceeding to S3; otherwise, parsing the dynamic file, recording the parsing result to a memory module, updating the recorded time of the static file, and then proceeding to S3; S3, acquiring the authority from the memory module, and acquiring the corresponding data according to the authority. Through simple modification of the file configuration, the invention makes dynamic changes to roles and authorities take effect in real time, and addresses authority control from the front end of the software system to the background.

Description

Role authority modification method of RBAC based on file design
Technical Field
The invention relates to the technical field of data protection, in particular to a role authority modification method of RBAC based on file design.
Background
To meet the general requirements of an enterprise-level unified access control background, such as high availability, compatibility and ease of operation, a permission model is needed that supports role management and large amounts of data. The RBAC (Role-Based Access Control) model is currently the most widely applied: a role-permission association table assigns different permissions to different roles, and a user-role association table then allocates roles to users, that is, it records the mapping from users to roles, thereby realizing permission management. However, the current RBAC model processes dynamic data and static data together, which is not friendly to dynamic data. If the dynamic data is treated as permissions, the amount of permission data becomes too large and associating roles with permissions is difficult to carry out; if the dynamic data is treated as roles, the amount of role data grows greatly, the convenience of managing with a role model is lost, permission management efficiency drops, and a user cannot process the dynamic data in a targeted way. Reference is made to Chinese patent application No. CN202110241871.2, a method, apparatus, electronic device and computer-readable storage medium for access control, the method comprising: when an access request of a user for a target resource is obtained, judging whether the user has the authority to access the target resource according to a preset allocation table and a role authority association table; the target resource represents business dynamic data in the authority system; the allocation table maintains the correspondence among users, resources and roles; the role authority association table maintains the correspondence between roles and authorities; if the user has access authority for the target resource, controlling the user's operation on the target resource according to the storage index information of the target resource in a preset resource table; the resource table maintains the storage index information of all business dynamic data. That patent also requires additional database overhead and does not support scenarios in which multiple functional permissions are combined to act jointly on a single access control.
In a feature-rich software product system, with multiple tenants and multiple permissions per user, the permission management complexity of RBAC grows geometrically, and so does the complexity of system implementation. In software system management, UI front-end access, background API access, underlying database access and operating system background file system access should all be controlled by permission. The common code logic of the front end serves as an example of how system implementation complexity rises markedly when the range of dynamic data expands. The roles and corresponding permissions are maintained by the background, and the front end typically maintains a mapping configuration between menus (routes) and roles to restrict users who do not hold a role from accessing specific page URLs. It is evident that when the function of a role changes, for example if role1 can no longer access the page menu corresponding to path1 at a certain moment, the source code has to be modified; this lacks dynamic adaptability and cannot meet actual production requirements. Alternatively, the code queries the permission configuration dynamically in real time on every access, which occupies a lot of memory and runs inefficiently. When the number of roles or permission options increases, a wide range of code is affected. The same code logic and problems exist in modules such as the back end, database control and operating system management.
Disclosure of Invention
The invention addresses the high logic complexity, heavy coding workload and low extensibility of implementing RBAC authority control in a software system with a complex function menu. It provides a role authority modification method of RBAC based on file design, in which simple modification of the file configuration makes dynamic changes to roles and authorities take effect in real time, and which addresses authority control from the front end of the software system to the background.
In order to achieve the above purpose, the following technical scheme is provided:
A role authority modification method of RBAC based on file design comprises the following steps:
S1, constructing a dynamic file and a static file, and recording the modification time of the dynamic file and the modification time of the static file, wherein the dynamic file is a modification file for adding, deleting or modifying roles, and the static file is an existing file containing the roles and the rights of the roles;
S2, when a role accesses, judging whether the recorded time of the dynamic file is consistent with the recorded time of the static file; if so, proceeding to S3; otherwise, parsing the dynamic file, recording the parsing result to a memory module, updating the recorded time of the static file, and then proceeding to S3;
S3, acquiring the authority from the memory module, and acquiring the corresponding data according to the authority.
According to the invention, dynamic maintenance of role authority is realized through the file; service code does not need to be modified in step, the scope of impact is small, and the scheme is simple and easy to implement. The implementation runs efficiently and occupies little memory, which can improve system performance. The dynamic and static data sets are separated, so the system is highly extensible and suits scenarios where roles and functions change frequently or where the data scale is large; system complexity grows linearly with the amount of data, and time and space complexity can be kept at the O(n) level. When the file is unchanged, the role-authority relationships need not be parsed again, so processing is efficient. Whether the file must be dynamically loaded and parsed into memory is judged from the consistency of the file time and the time recorded in memory.
Preferably, the dynamic file and the static file each comprise several classes of role sets and several classes of function sets; each class of role set contains at least 1 role, and the roles in a role set have the functions associated with that role set; each class of function set is strongly related to specific business logic and code, and 1 function set is associated with at least 1 role set.
Preferably, when 1 function set is associated with a plurality of role sets, the association logic among those role sets is AND, OR, or NOT: under AND, the function set can be operated only with the operation authority of all the associated role sets; under OR, the operation authority of any one of the parallel role sets suffices; under NOT, the operation authority of any role set other than the designated role sets can operate the function set. The file structure is designed this way to support the logical association of roles and functions. Role sets are defined by attribute, each class of set representing one class of authority; specific functions are bound to authorities, either by single association or by combined association, and the OR, AND and NOT logical relations are supported. Complex functional relationships can thus be expressed within the system. For example, a certain function, such as a specific UI button, that is operated with a plurality of authorities can be expressed with the AND relationship, so that each role only needs to attend to the single function it supports, and no separate authority label has to be set up for special permutations and combinations of functions, which greatly reduces the complexity of the system.
Preferably, the parallel role sets when the association logic is OR, and the designated role sets when the association logic is NOT, are each 1 role set or a combination of several role sets. This design extends the functional relationships. For example, if a certain function can be realized only by the first and second role sets acting together, or by the third and fourth role sets acting together, it is expressed as (first AND second role sets) OR (third AND fourth role sets). As another example, if a certain function can be operated by all remaining role sets other than the first and second role sets acting together, it is expressed as NOT (first AND second role sets).
Preferably, step S3 specifically includes the following steps:
S301, matching the role sets corresponding to the currently accessing role according to the existing parsing result in the memory module;
S302, matching all corresponding function sets according to the role sets;
S303, acquiring the rights corresponding to all the function sets, and acquiring the corresponding data according to the rights.
Preferably, step S3 specifically includes the following steps:
S311, matching the role sets corresponding to the currently accessing role according to the existing parsing result in the memory module;
S312, matching all corresponding function sets according to the role sets;
S313, traversing the association logic between all the function sets and the role sets, and selecting the function sets that can be operated as the output function sets;
S314, acquiring the authority corresponding to the output function sets, and acquiring the corresponding data according to the authority.
The beneficial effects of the invention are as follows:
1. Dynamic maintenance of role authority is realized through the file; service code does not need to be modified in step, the scope of impact is small, and the scheme is simple and easy to implement.
2. Authority control with complex logical relationships is supported: multi-element business combinations are covered through OR, AND and NOT logical combinations, and a designer only needs to concentrate on function definition and authority division and specify the content of the authority file, so that design is decoupled from logic implementation.
3. The implementation runs efficiently and occupies little memory, which can improve system performance.
Drawings
FIG. 1 is a flow chart of the method of Example 1;
FIG. 2 is a schematic diagram of the modification authority panel of Example 1.
Detailed Description
Example 1:
This embodiment provides a role authority modification method of RBAC based on file design which, referring to FIG. 1, comprises the following steps:
S1, constructing a dynamic file and a static file, and recording the modification time of the dynamic file and the modification time of the static file, wherein the dynamic file is a modification file for newly adding, deleting or modifying role authority, and the static file is an existing file containing the roles and the role authority; the dynamic file and the static file each comprise several classes of role sets and several classes of function sets; each class of role set contains at least 1 role, and the roles in a role set have the functions associated with that role set; each class of function set is strongly related to specific business logic and code, and 1 function set is associated with at least 1 role set.
When 1 function set is associated with a plurality of role sets, the association logic among those role sets is AND, OR, or NOT: under AND, the function set can be operated only with the operation authority of all the associated role sets; under OR, the operation authority of any one of the parallel role sets suffices; under NOT, the operation authority of any role set other than the designated role sets can operate the function set. The file structure is designed this way to support the logical association of roles and functions. Role sets are defined by attribute, each class of set representing one class of authority; specific functions are bound to authorities, either by single association or by combined association, and the OR, AND and NOT logical relations are supported. Complex functional relationships can thus be expressed within the system. For example, a certain function, such as a specific UI button, that is operated with a plurality of authorities can be expressed with the AND relationship, so that each role only needs to attend to the single function it supports, and no separate authority label has to be set up for special permutations and combinations of functions, which greatly reduces the complexity of the system.
The parallel role sets when the association logic is OR, and the designated role sets when the association logic is NOT, are each 1 role set or a combination of several role sets. This design extends the functional relationships. For example, if a certain function can be realized only by the first and second role sets acting together, or by the third and fourth role sets acting together, it is expressed as (first AND second role sets) OR (third AND fourth role sets). As another example, if a certain function can be operated by all remaining role sets other than the first and second role sets acting together, it is expressed as NOT (first AND second role sets).
Referring to FIG. 2, role sets are defined; the roles within a set have the right to the corresponding operation:
M1_Function1_query_define:
role1, role2, role3;
M1_Function1_add_define:
role1, role2;
M1_Function1_modify_define:
role1, role2;
M1_Function1_delete_define:
role1;
M1_Function2_read_define:
role1;
M1_Function2_write_define:
role2;
Function sets are defined, which are strongly related to specific business logic and code; a function can be bound to the operating rights of a single role set or of several role sets:
M1_Function1_query:
M1_Function1_query_define;
M1_Functionx_read:
M1_Function1_query_define or M1_Function2_read_define;
M1_Functiony_write:
M1_Function1_add_define and M1_Function2_write_define;
M1_Functionz_write:
not M1_Function2_write_define;
Here, M1_Function1_query represents a specific function, and M1_Function1_query_define represents the role set that has authority over that function; the content of M1_Function1_query_define is a set of role names, such as role1, which supports expression by permutation and combination. When role1 has access authority for Function1 of module 1, role1 is added to M1_Function1_query_define; when that authority is removed from role1, role1 is removed from M1_Function1_query_define. That is, when the authority of a system role changes, the function attribute M1_Function1_query does not need to change; only the member information in the authority set M1_Function1_query_define is modified. Intuitively, M1_Function1_query_define corresponds to an entry in a permission menu that an administrator can configure: for example, all roles holding the data flow analysis - flow composition analysis - view permission are added to the M1_Function1_query_define set, and all roles holding the data flow analysis - protocol composition analysis - view permission are added to the M1_Function2_read_define set. M1_Functionx_read is a specific service authority: a user who can view both the flow analysis - flow composition analysis (M1_Function1_query_define) and the flow analysis - protocol composition analysis (M1_Function2_read_define) can view a data statistics page that summarizes the results of the flow composition analysis and the protocol composition analysis, expressed as M1_Functionx_read:
M1_Function1_query_define and M1_Function2_read_define.
S2, when a role accesses, judging whether the recorded time of the dynamic file is consistent with the recorded time of the static file; if so, proceeding to S3; otherwise, parsing the dynamic file, recording the parsing result to a memory module, updating the recorded time of the static file, and then proceeding to S3;
S3, acquiring the rights from the memory module, and acquiring the corresponding data according to the rights.
S3 specifically comprises the following steps:
S301, matching the role sets corresponding to the currently accessing role according to the existing parsing result in the memory module;
S302, matching all corresponding function sets according to the role sets;
S303, acquiring the rights corresponding to all the function sets, and acquiring the corresponding data according to the rights.
According to the invention, dynamic maintenance of role authority is realized through the file; service code does not need to be modified in step, the scope of impact is small, and the scheme is simple and easy to implement. The implementation runs efficiently and occupies little memory, which can improve system performance. The dynamic and static data sets are separated, so the system is highly extensible and suits scenarios where roles and functions change frequently or where the data scale is large; system complexity grows linearly with the amount of data, and time and space complexity can be kept at the O(n) level. When the file is unchanged, the role-authority relationships need not be parsed again, so processing is efficient. Whether the file must be dynamically loaded and parsed into memory is judged from the consistency of the file time and the time recorded in memory.
Example 2:
This embodiment supplements S3 on the basis of Example 1 and proposes a role authority modification method of RBAC based on file design, which specifically comprises the following steps:
S1, constructing a dynamic file and a static file, and recording the modification time of the dynamic file and the modification time of the static file, wherein the dynamic file is a modification file for adding, deleting or modifying roles, and the static file is an existing file containing the roles and the rights of the roles; the dynamic file and the static file each comprise several classes of role sets and several classes of function sets; each class of role set contains at least 1 role, and the roles in a role set have the functions associated with that role set; each class of function set is strongly related to specific business logic and code, and 1 function set is associated with at least 1 role set.
When 1 function set is associated with a plurality of role sets, the association logic among those role sets is AND, OR, or NOT: under AND, the function set can be operated only with the operation authority of all the associated role sets; under OR, the operation authority of any one of the parallel role sets suffices; under NOT, the operation authority of any role set other than the designated role sets can operate the function set. The parallel role sets when the association logic is OR, and the designated role sets when the association logic is NOT, are each 1 role set or a combination of several role sets.
S2, when a role accesses, judging whether the recorded time of the dynamic file is consistent with the recorded time of the static file; if so, proceeding to S3; otherwise, parsing the dynamic file, recording the parsing result to a memory module, updating the recorded time of the static file, and then proceeding to S3;
S3, acquiring the rights from the memory module, and acquiring the corresponding data according to the rights. S3 specifically comprises the following steps:
S311, matching the role sets corresponding to the currently accessing role according to the existing parsing result in the memory module;
S312, matching all corresponding function sets according to the role sets;
S313, traversing the association logic between all the function sets and the role sets, and selecting the function sets that can be operated as the output function sets;
S314, acquiring the authority corresponding to the output function sets, and acquiring the corresponding data according to the authority.
This embodiment adds filtering by the association logic. In particular, when the association logic is NOT, a role set can be matched and yet have no authority for the function, so that function set must be removed from the output.
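The S2 time check and the S311-S313 matching and filtering described above, sketched in Python as an added example (not code from the patent). It simplifies the dynamic/static file pair to one policy file whose modification time is compared with the time recorded in memory; the file name, the `PolicyCache` class, the rule that names ending in `_define` are role sets, and the rule that a role belonging to no role set gets nothing are assumptions of this example.

```python
import os
import tempfile
from pathlib import Path

# Constructed sample in the page's notation (a name and its body may also sit on separate lines).
SAMPLE_POLICY = """\
M1_Function1_query_define: role1, role2, role3;
M1_Function1_add_define: role1, role2;
M1_Function2_read_define: role1;
M1_Function2_write_define: role2;
M1_Function1_query: M1_Function1_query_define;
M1_Functionx_read: M1_Function1_query_define or M1_Function2_read_define;
M1_Functiony_write: M1_Function1_add_define and M1_Function2_write_define;
M1_Functionz_write: not M1_Function2_write_define;
"""


def evaluate(tokens, role_sets, role):
    """Evaluate an and/or/not expression over role-set names for one role."""
    toks, pos = list(tokens) + [None], 0  # None marks the end of the expression

    def take():
        nonlocal pos
        pos += 1
        return toks[pos - 1]

    def atom():
        tok = take()
        if tok == "not":
            return not atom()
        if tok == "(":
            value = either()
            if take() != ")":
                raise ValueError("missing ')'")
            return value
        if tok not in role_sets:  # fail closed on typos and unknown role sets
            raise ValueError(f"unknown role set: {tok!r}")
        return role in role_sets[tok]

    def chain(word, operand):
        value = operand()
        while toks[pos] == word:
            take()
            rhs = operand()  # always parsed, so every operand is validated
            value = (value and rhs) if word == "and" else (value or rhs)
        return value

    def either():  # 'or' binds loosest, then 'and', then 'not'
        return chain("or", lambda: chain("and", atom))

    result = either()
    if toks[pos] is not None:
        raise ValueError(f"unexpected token: {toks[pos]!r}")
    return result


def parse_policy(text):
    """Assumption of this example: names ending in _define are role sets, the rest function sets."""
    role_sets, functions = {}, {}
    for entry in filter(None, (e.strip() for e in text.split(";"))):
        name, sep, body = (p.strip() for p in entry.partition(":"))
        if not sep or not name:
            raise ValueError(f"malformed entry: {entry!r}")
        if name.endswith("_define"):
            role_sets[name] = frozenset(filter(None, (r.strip() for r in body.split(","))))
        else:
            functions[name] = body.replace("(", " ( ").replace(")", " ) ").split()
    for tokens in functions.values():  # validate every expression at load time
        evaluate(tokens, role_sets, "")
    return role_sets, functions


class PolicyCache:
    def __init__(self, path):
        self.path, self.recorded_mtime, self.parse_count = Path(path), None, 0
        self.role_sets, self.functions = {}, {}

    def refresh(self):  # S2: re-parse only when the file time differs from the recorded time
        mtime = self.path.stat().st_mtime_ns
        if mtime != self.recorded_mtime:
            self.role_sets, self.functions = parse_policy(self.path.read_text("utf-8"))
            self.recorded_mtime, self.parse_count = mtime, self.parse_count + 1

    def allowed(self, role):  # S311-S313: keep function sets whose logic holds for the role
        self.refresh()
        if not any(role in members for members in self.role_sets.values()):
            return []  # assumption: a role in no role set gets nothing, even under 'not'
        return sorted(f for f, t in self.functions.items() if evaluate(t, self.role_sets, role))


def demo():
    """Query, then revoke role2 from the add set by editing only the file, and query again."""
    with tempfile.TemporaryDirectory() as tmp:
        cache = PolicyCache(Path(tmp, "rbac_policy.txt"))  # hypothetical file name
        cache.path.write_text(SAMPLE_POLICY, "utf-8")
        before = {r: cache.allowed(r) for r in ("role1", "role2", "ghost")}
        parses = cache.parse_count
        cache.path.write_text(SAMPLE_POLICY.replace("role1, role2;", "role1;"), "utf-8")
        os.utime(cache.path, ns=(0, cache.recorded_mtime + 10**10))  # force a newer mtime
        return before, parses, cache.allowed("role2"), cache.parse_count
```

A modification-time comparison cannot see two edits that land on the same timestamp, which is why `demo()` forces a newer time after rewriting the file. Because `parse_policy` raises before anything is assigned, a malformed edit leaves the previously loaded policy in memory.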
According to the invention, dynamic maintenance of role authority is realized through the file; service code does not need to be modified in step, the scope of impact is small, and the scheme is simple and easy to implement. The implementation runs efficiently and occupies little memory, which can improve system performance. The dynamic and static data sets are separated, so the system is highly extensible and suits scenarios where roles and functions change frequently or where the data scale is large; system complexity grows linearly with the amount of data, and time and space complexity can be kept at the O(n) level. When the file is unchanged, the role-authority relationships need not be parsed again, so processing is efficient. Whether the file must be dynamically loaded and parsed into memory is judged from the consistency of the file time and the time recorded in memory. The invention has the following advantages:
1. Dynamic maintenance of role authority is realized through the file; service code does not need to be modified in step, the scope of impact is small, and the scheme is simple and easy to implement.
2. Authority control with complex logical relationships is supported: multi-element business combinations are covered through OR, AND and NOT logical combinations, and a designer only needs to concentrate on function definition and authority division and specify the content of the authority file, so that design is decoupled from logic implementation.
3. The implementation runs efficiently and occupies little memory, which can improve system performance.

Claims (6)

1. The role authority modification method of RBAC based on file design is characterized by comprising the following steps:
s1, constructing a dynamic file and a static file, and recording the modification time of the dynamic file and the modification time of the static file, wherein the dynamic file is a modification file for adding, deleting or modifying roles, the static file is an existing file with roles and the rights of the roles, the dynamic file and the static file both comprise a plurality of types of role sets and a plurality of types of function sets, and when 1 function set is associated with a plurality of role sets, the association logic relationship of the plurality of role sets is a union or a non-union;
s2, judging whether the analysis memory is required to be dynamically loaded or not according to consistency of the file time and the memory recording time, judging whether the recording time of the dynamic file is consistent with the recording time of the static file or not when a role accesses the memory, if so, carrying out S3, analyzing the dynamic file, recording an analysis result to a memory module, updating the recording time of the static file at the same time, and then carrying out S3;
s3, acquiring the authority from the memory module, and acquiring corresponding data according to the authority.
2. The method for modifying role rights of RBAC based on file design according to claim 1, wherein the dynamic file and the static file each comprise a plurality of types of role sets and a plurality of types of function sets, each type of role set is provided with at least 1 role, the roles of each type of role set are corresponding to the functions having the type of role set, each type of function set is strongly related to specific business logic and codes, and 1 function set is at least related to 1 role set.
3. The method for modifying the role rights of the RBAC based on the file design according to claim 2, wherein when 1 function set is associated with a plurality of role sets, the associated logic relationship of the plurality of role sets is either the same or different, when the associated logic relationship is the same, the function set needs the operation rights of the plurality of role sets to operate, when the associated logic relationship is the same or the function set only needs one of the operation rights of the parallel role sets to operate, when the associated logic relationship is the different, the function set can operate except the operation rights of the designated role sets.
4. A method for modifying the authority of roles of a RBAC based on a file design as claimed in claim 3, wherein the set of parallel roles when the associated logical relationship is or and the designated set of roles when the associated logical relationship is not are 1 set of roles or a combination of sets of roles.
5. The method for modifying the role authority of the RBAC based on file design as claimed in claim 2, wherein the step S3 specifically comprises the following steps:
S301, matching a role set corresponding to the currently accessed role according to the existing analysis result of the memory module;
S302, matching all corresponding function sets according to the role sets;
S303, acquiring rights corresponding to all the function sets, and acquiring corresponding data according to the rights.
6. The method for modifying role rights of RBAC based on file design according to claim 3, wherein the step S3 specifically comprises the following steps:
S311, matching a role set corresponding to the currently accessed role according to the existing analysis result of the memory module;
S312, matching all corresponding function sets according to the role sets;
S313, traversing the association logic relation between all the function sets and the role sets, and selecting the function sets capable of operating as the output function sets;
S314, acquiring the authority corresponding to the output function sets, and acquiring corresponding data according to the authority.
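The reload check of step S2 and the matching of steps S311 to S314, as an added Python example that is not code from the patent. Assumptions: a single JSON policy file whose modification time is compared with the time recorded in memory, the three association relations of claim 3 read as AND, OR and NOT, denial for a role that belongs to no role set, and the hypothetical names `FileRBAC`, `SAMPLE_POLICY` and the JSON keys.

```python
import json
import os

# Constructed sample policy (not from the patent); the JSON layout is an assumption.
SAMPLE_POLICY = {
    "role_sets": {"ops": ["sysadmin", "sre"], "audit": ["sre", "auditor"], "guest": ["visitor"]},
    "function_sets": {
        "export": {"logic": "AND", "role_sets": ["ops", "audit"], "permissions": ["report:export"]},
        "view": {"logic": "OR", "role_sets": ["ops", "audit"], "permissions": ["report:read"]},
        "browse": {"logic": "NOT", "role_sets": ["guest"], "permissions": ["catalog:read"]},
    },
}

class FileRBAC:
    """Hypothetical helper: policy parsed into memory, re-parsed when the file time changes."""
    def __init__(self, path):
        self.path = path
        self.recorded_ns = None  # time recorded for the in-memory parse result
        self.policy = None       # parse result held in the "memory module"
        self.parses = 0

    def _refresh(self):
        file_ns = os.stat(self.path).st_mtime_ns  # S2: file time vs. recorded time
        if file_ns != self.recorded_ns:
            with open(self.path, encoding="utf-8") as fh:
                parsed = json.load(fh)  # a malformed file raises; the old policy is kept
            self.policy, self.recorded_ns = parsed, file_ns
            self.parses += 1

    @staticmethod
    def _operable(logic, wanted, mine):
        if not mine or not wanted:  # assumption: no role set on either side means deny
            return False
        if logic == "AND":
            return wanted <= mine          # role must be in every listed role set
        if logic == "OR":
            return bool(wanted & mine)     # role must be in at least one of them
        if logic == "NOT":
            return not (wanted & mine)     # role must be in none of the designated sets
        return False                       # unknown relation: deny

    def permissions_for(self, role):
        self._refresh()
        # S311: role sets that contain the accessing role.
        mine = {n for n, roles in self.policy["role_sets"].items() if role in roles}
        perms = set()
        for rule in self.policy["function_sets"].values():  # S312-S313
            if self._operable(rule["logic"], set(rule["role_sets"]), mine):
                perms.update(rule["permissions"])           # S314
        return sorted(perms)
```

Because freshness is decided by a timestamp comparison alone, a write that leaves the file time unchanged is not picked up; comparing a content hash as well closes that gap.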
CN202311563742.0A 2023-11-22 2023-11-22 Role authority modification method of RBAC based on file design Active CN117272397B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311563742.0A CN117272397B (en) 2023-11-22 2023-11-22 Role authority modification method of RBAC based on file design

Publications (2)

Publication Number Publication Date
CN117272397A CN117272397A (en) 2023-12-22
CN117272397B CN117272397B (en) 2024-04-16

Family

ID=89203089

Country Status (1)

Country Link
CN (1) CN117272397B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant