CN117272397B - Role authority modification method of RBAC based on file design - Google Patents
- Publication number
- CN117272397B
- Authority
- CN
- China
- Prior art keywords
- role
- file
- sets
- authority
- function
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/11—File system administration, e.g. details of archiving or snapshots
- G06F16/122—File system administration, e.g. details of archiving or snapshots using management policies
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/16—File or folder operations, e.g. details of user interfaces specifically adapted to file systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Bioethics (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Human Computer Interaction (AREA)
- Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a role authority modification method of RBAC based on file design, which comprises the following steps: S1, constructing a dynamic file and a static file, and recording the modification time of the dynamic file and the modification time of the static file, wherein the dynamic file is a modification file for adding, deleting or modifying roles and the static file is an existing file with roles and the rights of the roles; S2, when a role accesses, judging whether the recording time of the dynamic file is consistent with the recording time of the static file; if so, carrying out S3; otherwise, analyzing the dynamic file, recording the analysis result to a memory module, updating the recording time of the static file, and then carrying out S3; S3, acquiring the authority from the memory module, and acquiring corresponding data according to the authority. Through simple modification of the file configuration, the invention lets dynamic changes to roles and authorities take effect in real time, and addresses authority control from the front end of the software system to the backend.
Description
Technical Field
The invention relates to the technical field of data protection, in particular to a role authority modification method of RBAC based on file design.
Background
To meet the general requirements of an enterprise-level unified access control backend, such as high availability, compatibility and ease of operation, a permission model is needed that supports role management and large amounts of data. The RBAC (Role-Based Access Control) model is currently the most widely applied: different permissions are assigned to different roles through a role-permission association table, and roles are then allocated to users through a user-role association table, which records the mapping from users to roles, so that permission management is realized. However, the current RBAC model processes dynamic data and static data together, which is unfriendly to dynamic data. If the dynamic data is regarded as permissions, the amount of permission data becomes too large and associating roles with permissions is difficult to carry out; if the dynamic data is regarded as roles, the amount of role data greatly increases, the convenience of managing through a role model is lost, permission management efficiency falls, and users cannot process dynamic data in a targeted way. Reference is made to Chinese patent application No. CN202110241871.2, a method, apparatus, electronic device and computer-readable storage medium for access control, the method comprising: when an access request of a user for a target resource is obtained, judging whether the user has the authority to access the target resource according to a preset allocation table and a role authority association table; the target resource represents service dynamic data in the authority system; the allocation table maintains the correspondence among users, resources and roles; the role authority association table maintains the correspondence between roles and authorities; if the user has the access right to the target resource, controlling the user's operation on the target resource according to storage index information of the target resource in a preset resource table; the resource table maintains storage index information of all service dynamic data. That patent also requires introducing additional database overhead, and does not support scenarios in which multiple functional rights are combined to act together on a single access control decision.
In a feature-rich software product system, under a model with multiple tenants and multiple rights per user, the complexity of RBAC rights management grows geometrically, and so does the complexity of system implementation. For software system management, UI front-end access, backend API access, underlying database access and operating-system file-system access should all be controlled by permissions. Taking the common front-end implementation logic as an example shows how system implementation complexity rises markedly when the range of dynamic data expands. Roles and their permissions are maintained by the backend, and the front end typically maintains a mapping configuration between menus (routes) and roles to restrict users who do not hold a role from accessing specific page URLs. When the function of a role changes, for example if role1 can no longer access the page menu corresponding to path1 at a certain moment, the source code must be modified; such code has no dynamic adaptability and cannot meet actual production requirements. Alternatively, the code queries the permission configuration dynamically on every access, which occupies much memory and runs inefficiently. When the number of roles or permission options increases, a wide range of code is affected. The same code logic and problems exist in modules such as the backend, database control and operating-system management.
Disclosure of Invention
The invention addresses the high logic complexity, heavy coding workload and low extensibility of implementing RBAC authority control in a software system with complex function menus. It provides a role authority modification method of RBAC based on file design, in which simple modification of the file configuration lets dynamic changes to roles and authorities take effect in real time, and which addresses authority control from the front end of the software system to the backend.
In order to achieve the above purpose, the following technical scheme is provided:
A role authority modification method of RBAC based on file design comprises the following steps:
S1, constructing a dynamic file and a static file, and recording the modification time of the dynamic file and the modification time of the static file, wherein the dynamic file is a modification file for adding, deleting or modifying roles and the static file is an existing file with roles and the rights of the roles;
S2, when a role accesses, judging whether the recording time of the dynamic file is consistent with the recording time of the static file; if so, carrying out S3; otherwise, analyzing the dynamic file, recording the analysis result to a memory module, updating the recording time of the static file, and then carrying out S3;
S3, acquiring the authority from the memory module, and acquiring corresponding data according to the authority.
The invention realizes dynamic maintenance of role authority through files; service code does not need to be modified in tandem, the scope of impact is small, and the scheme is simple and easy to implement. The implementation runs efficiently and occupies little memory, which can improve system performance. The dynamic and static data sets are separated and the system is highly extensible, so the method suits scenarios where roles and functions change frequently or where the data scale is large; system complexity grows linearly with the amount of data, and time and space complexity can be kept at the O(n) level. When the file is unchanged, the role-authority relationships are not analyzed again, so processing is efficient. Whether the file must be dynamically loaded and analyzed into memory is judged from the consistency of the file time and the recording time held in memory.
Preferably, the dynamic file and the static file each comprise several classes of role sets and several classes of function sets. Each role set contains at least 1 role, and the roles in a role set have the functions associated with that role set. Each function set is strongly related to specific business logic and code, and 1 function set is associated with at least 1 role set.
Preferably, when 1 function set is associated with a plurality of role sets, the association logic among those role sets is AND, OR or NOT. When the association logic is AND, the function set can be operated only with the operation authority of all of the role sets; when it is OR, the operation authority of any one of the parallel role sets is enough; when it is NOT, the function set can be operated with the operation authority of any role set other than the designated role sets. The file structure is designed this way to support logical association of roles and functions: role sets are defined by attribute, each class of set represents one class of authority, and a specific function is bound to authorities either through a single association or a combined association, with the logical relations OR, AND and NOT supported. Complex functional relationships can thus be expressed within the system. For example, when a function such as a specific UI button is governed by a plurality of authorities, an AND expression can be chosen, so that each role only needs to be concerned with the single functions it supports, and no separate authority label has to be created for each special combination of functions, which greatly reduces system complexity.
Preferably, the parallel role sets under OR and the designated role sets under NOT are each either 1 role set or a combination of several role sets. This extends the functional relationships that can be expressed. For example, if a function can be performed only with the first and second role sets acting together, or with the third and fourth role sets acting together, it is expressed as (first AND second role sets) OR (third AND fourth role sets). As another example, if a function can be operated by all remaining role sets, excluding the first and second role sets acting together, it is expressed as NOT (first AND second role sets).
Preferably, the step S3 specifically includes the following steps:
S301, matching a role set corresponding to a currently accessed role according to an existing analysis result of the memory module;
S302, matching all corresponding function sets according to the role sets;
S303, acquiring rights corresponding to all the function sets, and acquiring corresponding data according to the rights.
Preferably, the step S3 specifically includes the following steps:
S311, matching a role set corresponding to the currently accessed role according to the existing analysis result of the memory module;
S312, matching all corresponding function sets according to the role sets;
S313, traversing the association logic relation between all the function sets and the role sets, and selecting the function set capable of operating as an output function set;
S314, acquiring the authority corresponding to the output function set, and acquiring corresponding data according to the authority.
The beneficial effects of the invention are as follows:
1. Dynamic maintenance of role authority is realized through files; service code does not need to be modified in tandem, the scope of impact is small, and the scheme is simple and easy to implement.
2. Authority control with complex logical relationships is supported. Multi-element service combinations are covered through OR, AND and NOT logic, so a designer only needs to concentrate on function definition and authority division and specify the content of the authority file; design is decoupled from logic implementation.
3. The implementation scheme has high operation efficiency and small occupied memory, and can improve the system performance.
Drawings
FIG. 1 is a flow chart of the method of Example 1;
FIG. 2 is a schematic diagram of the authority modification panel of Example 1.
Detailed Description
Example 1:
This embodiment provides a role authority modification method of RBAC based on file design which, referring to FIG. 1, comprises the following steps:
S1, constructing a dynamic file and a static file, and recording the modification time of the dynamic file and the modification time of the static file, wherein the dynamic file is a modification file for newly adding, deleting or modifying the role authority, and the static file is an existing file provided with the roles and the role authority. The dynamic file and the static file each comprise several classes of role sets and several classes of function sets. Each role set contains at least 1 role, and the roles in a role set have the functions associated with that role set. Each function set is strongly related to specific business logic and code, and 1 function set is associated with at least 1 role set.
When 1 function set is associated with a plurality of role sets, the association logic among those role sets is AND, OR or NOT. When the association logic is AND, the function set can be operated only with the operation authority of all of the role sets; when it is OR, the operation authority of any one of the parallel role sets is enough; when it is NOT, the function set can be operated with the operation authority of any role set other than the designated role sets. The file structure is designed this way to support logical association of roles and functions: role sets are defined by attribute, each class of set represents one class of authority, and a specific function is bound to authorities either through a single association or a combined association, with the logical relations OR, AND and NOT supported. Complex functional relationships can thus be expressed within the system. For example, when a function such as a specific UI button is governed by a plurality of authorities, an AND expression can be chosen, so that each role only needs to be concerned with the single functions it supports, and no separate authority label has to be created for each special combination of functions, which greatly reduces system complexity.
The parallel role sets under OR and the designated role sets under NOT are each either 1 role set or a combination of several role sets. This extends the functional relationships that can be expressed. For example, if a function can be performed only with the first and second role sets acting together, or with the third and fourth role sets acting together, it is expressed as (first AND second role sets) OR (third AND fourth role sets). As another example, if a function can be operated by all remaining role sets, excluding the first and second role sets acting together, it is expressed as NOT (first AND second role sets).
Referring to FIG. 2, role sets are defined; the roles within a set have the right to the corresponding operation:
M1_Function1_query_define:
role1, role2, role3;
M1_Function1_add_define:
role1, role2;
M1_Function1_modify_define:
role1, role2;
M1_Function1_delete_define:
role1;
M1_Function2_read_define:
role1;
M1_Function2_write_define:
role2;
Function sets are defined. Functions are strongly related to specific business logic and code, and a function can be bound to the operation rights of a single role set or of multiple role sets:
M1_Function1_query:
M1_Function1_query_define;
M1_Functionx_read:
M1_Function1_query_define or M1_Function2_read_define;
M1_Functiony_write:
M1_Function1_add_define and M1_Function2_write_define;
M1_Functionz_write:
not M1_Function2_write_define;
wherein: M1_Function1_query represents a specific function, and M1_Function1_query_define represents the role set that has authority for that function. The content of M1_Function1_query_define is a set of role names, such as role1, which supports permutation and combination expressions. When role1 is granted access authority for Function1 of module 1, role1 is added to M1_Function1_query_define; when that authority is removed from role1, role1 is removed from M1_Function1_query_define. That is, when the authority of a system role changes, the function attribute M1_Function1_query does not need to change; only the member information in the authority set M1_Function1_query_define is modified. Intuitively, M1_Function1_query_define corresponds to a permission menu that an administrator can configure: for example, the roles that hold the data flow analysis - flow composition analysis - view permission are all added to the M1_Function1_query_define set, and the roles that hold the data flow analysis - protocol composition analysis - view permission are all added to the M1_Function2_read_define set. M1_Functionx_read is a specific service authority: a user who can view both the flow analysis - flow composition analysis (M1_Function1_query_define) and the flow analysis - protocol composition analysis (M1_Function2_read_define) can view a data statistics page, which summarizes the results of the flow composition analysis and the protocol composition analysis, and this is expressed as M1_Functionx_read:
M1_Function1_query_define and M1_Function2_read_define.
S2, when a role accesses, judging whether the recording time of the dynamic file is consistent with the recording time of the static file; if so, carrying out S3; otherwise, analyzing the dynamic file, recording the analysis result to a memory module, updating the recording time of the static file, and then carrying out S3;
S3, acquiring rights from the memory module, and acquiring corresponding data according to the rights.
S3 specifically comprises the following steps:
S301, matching a role set corresponding to a currently accessed role according to an existing analysis result of the memory module;
S302, matching all corresponding function sets according to the role sets;
S303, acquiring rights corresponding to all the function sets, and acquiring corresponding data according to the rights.
The invention realizes dynamic maintenance of role authority through files; service code does not need to be modified in tandem, the scope of impact is small, and the scheme is simple and easy to implement. The implementation runs efficiently and occupies little memory, which can improve system performance. The dynamic and static data sets are separated and the system is highly extensible, so the method suits scenarios where roles and functions change frequently or where the data scale is large; system complexity grows linearly with the amount of data, and time and space complexity can be kept at the O(n) level. When the file is unchanged, the role-authority relationships are not analyzed again, so processing is efficient. Whether the file must be dynamically loaded and analyzed into memory is judged from the consistency of the file time and the recording time held in memory.
Example 2:
This embodiment supplements S3 on the basis of Example 1, and provides a role authority modification method of RBAC based on file design, which specifically includes the following steps:
S1, constructing a dynamic file and a static file, and recording the modification time of the dynamic file and the modification time of the static file, wherein the dynamic file is a modification file for adding, deleting or modifying roles and the static file is an existing file with roles and the rights of the roles. The dynamic file and the static file each comprise several classes of role sets and several classes of function sets. Each role set contains at least 1 role, and the roles in a role set have the functions associated with that role set. Each function set is strongly related to specific business logic and code, and 1 function set is associated with at least 1 role set.
When 1 function set is associated with a plurality of role sets, the association logic among those role sets is AND, OR or NOT. When the association logic is AND, the function set can be operated only with the operation authority of all of the role sets; when it is OR, the operation authority of any one of the parallel role sets is enough; when it is NOT, the function set can be operated with the operation authority of any role set other than the designated role sets. The parallel role sets under OR and the designated role sets under NOT are each either 1 role set or a combination of several role sets.
S2, when a role accesses, judging whether the recording time of the dynamic file is consistent with the recording time of the static file, if so, carrying out S3, otherwise, analyzing the dynamic file, recording the analysis result to a memory module, updating the recording time of the static file, and then carrying out S3;
S3, acquiring rights from the memory module, and acquiring corresponding data according to the rights. S3 specifically comprises the following steps:
S311, matching a role set corresponding to the currently accessed role according to the existing analysis result of the memory module;
S312, matching all corresponding function sets according to the role sets;
S313, traversing the association logic relation between all the function sets and the role sets, and selecting the function set capable of operating as an output function set;
S314, acquiring the authority corresponding to the output function set, and acquiring corresponding data according to the authority.
This embodiment adds filtering by the association logic relationship. In particular, when the association logic is NOT, a corresponding role set can be matched even though that role set does not have authority for the function, so that function set must be removed from the output.
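An added example, not code from the patent or its applicant: a minimal Python reading of S1 to S3 with the S311 to S314 filtering, run over the entries of the FIG. 2 listing. The `_define` suffix convention, the operator precedence (not, then and, then or), the use of the file's mtime as the "recording time", and the names `PolicyCache`, `parse_policy` and `evaluate` are assumptions.

```python
import os
import re
from collections import deque

# Entries taken from the FIG. 2 listing, written one per line.
# Assumption: names ending in "_define" are role sets, all others are functions.
SAMPLE = """\
M1_Function1_query_define: role1, role2, role3;
M1_Function1_add_define: role1, role2;
M1_Function2_read_define: role1;
M1_Function2_write_define: role2;
M1_Function1_query: M1_Function1_query_define;
M1_Functionx_read: M1_Function1_query_define or M1_Function2_read_define;
M1_Functiony_write: M1_Function1_add_define and M1_Function2_write_define;
M1_Functionz_write: not M1_Function2_write_define;
"""
TOKEN = r"\(|\)|[A-Za-z_]\w*"


def evaluate(tokens, role, role_sets):
    """Recursive descent; precedence not > and > or is an assumption."""
    queue = deque(tokens)

    def binary(operand, keyword, combine):
        value = operand()
        while queue and queue[0] == keyword:
            queue.popleft()
            value = combine(value, operand())  # operand() always consumes its tokens
        return value

    def unary():
        tok = queue.popleft() if queue else None
        if tok == "not":
            return not unary()
        if tok == "(":
            value = or_expr()
            if not queue or queue.popleft() != ")":
                raise ValueError("missing ')'")
            return value
        if tok in role_sets:
            return role in role_sets[tok]
        raise ValueError(f"unexpected token {tok!r}")  # unknown set: fail closed

    def and_expr():
        return binary(unary, "and", lambda a, b: a and b)

    def or_expr():
        return binary(and_expr, "or", lambda a, b: a or b)

    result = or_expr()
    if queue:
        raise ValueError("trailing tokens")
    return result


def parse_policy(text):
    """Split "name: body;" entries into role sets and tokenized expressions."""
    role_sets, functions = {}, {}
    for entry in filter(str.strip, text.split(";")):
        name, sep, body = (part.strip() for part in entry.partition(":"))
        if not sep or not re.fullmatch(r"[A-Za-z_]\w*", name) or not body:
            raise ValueError(f"malformed entry {entry.strip()!r}")
        if name.endswith("_define"):
            role_sets[name] = {r.strip() for r in body.split(",") if r.strip()}
        elif re.sub(TOKEN + r"|\s+", "", body):  # e.g. "!x" must not load as "x"
            raise ValueError(f"bad characters in expression for {name}")
        else:
            functions[name] = re.findall(TOKEN, body)
    for tokens in functions.values():
        evaluate(tokens, "", role_sets)  # syntax and reference check at load time
    return role_sets, functions


class PolicyCache:
    """S2: re-parse only when the file's mtime differs from the recorded one."""

    def __init__(self, path):
        self.path, self.recorded_mtime, self.parse_count = path, None, 0
        self.role_sets, self.functions = {}, {}

    def allowed_functions(self, role):
        mtime = os.stat(self.path).st_mtime_ns
        if mtime != self.recorded_mtime:
            with open(self.path, encoding="utf-8") as fh:
                parsed = parse_policy(fh.read())  # a bad file raises; nothing is granted
            self.role_sets, self.functions = parsed
            self.recorded_mtime, self.parse_count = mtime, self.parse_count + 1
        # S311: a role in no role set matches nothing, so "not X" cannot
        # grant a function to an arbitrary or misspelled role name.
        if not any(role in members for members in self.role_sets.values()):
            return set()
        # S312-S314: output only the functions whose expression holds for the role.
        return {f for f, t in self.functions.items() if evaluate(t, role, self.role_sets)}


if __name__ == "__main__":
    sets, funcs = parse_policy(SAMPLE)
    for role in ("role1", "role2", "role3"):
        print(role, sorted(f for f, t in funcs.items() if evaluate(t, role, sets)))
```

Because the whole policy is one file, write access to that file is equivalent to administering every role, so its ownership and mode deserve the same care as the application's credentials.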
The invention realizes dynamic maintenance of role authority through files; service code does not need to be modified in tandem, the scope of impact is small, and the scheme is simple and easy to implement. The implementation runs efficiently and occupies little memory, which can improve system performance. The dynamic and static data sets are separated and the system is highly extensible, so the method suits scenarios where roles and functions change frequently or where the data scale is large; system complexity grows linearly with the amount of data, and time and space complexity can be kept at the O(n) level. When the file is unchanged, the role-authority relationships are not analyzed again, so processing is efficient. Whether the file must be dynamically loaded and analyzed into memory is judged from the consistency of the file time and the recording time held in memory. The invention has the following advantages:
1. Dynamic maintenance of role authority is realized through files; service code does not need to be modified in tandem, the scope of impact is small, and the scheme is simple and easy to implement.
2. Authority control with complex logical relationships is supported. Multi-element service combinations are covered through OR, AND and NOT logic, so a designer only needs to concentrate on function definition and authority division and specify the content of the authority file; design is decoupled from logic implementation.
3. The implementation scheme has high operation efficiency and small occupied memory, and can improve the system performance.
Claims (6)
1. The role authority modification method of RBAC based on file design is characterized by comprising the following steps:
S1, constructing a dynamic file and a static file, and recording the modification time of the dynamic file and the modification time of the static file, wherein the dynamic file is a modification file for adding, deleting or modifying roles, the static file is an existing file with roles and the rights of the roles, the dynamic file and the static file both comprise a plurality of types of role sets and a plurality of types of function sets, and when 1 function set is associated with a plurality of role sets, the association logic relationship of the plurality of role sets is AND, OR or NOT;
S2, judging whether the file needs to be dynamically loaded and analyzed into memory according to the consistency of the file time and the memory recording time: when a role accesses, judging whether the recording time of the dynamic file is consistent with the recording time of the static file; if so, carrying out S3; otherwise, analyzing the dynamic file, recording an analysis result to a memory module, updating the recording time of the static file at the same time, and then carrying out S3;
S3, acquiring the authority from the memory module, and acquiring corresponding data according to the authority.
2. The method for modifying role rights of RBAC based on file design according to claim 1, wherein the dynamic file and the static file each comprise a plurality of types of role sets and a plurality of types of function sets, each type of role set is provided with at least 1 role, the roles of each type of role set have the functions associated with that type of role set, each type of function set is strongly related to specific business logic and codes, and 1 function set is associated with at least 1 role set.
3. The method for modifying the role rights of the RBAC based on the file design according to claim 2, wherein when 1 function set is associated with a plurality of role sets, the association logic relationship of the plurality of role sets is AND, OR or NOT; when the association logic relationship is AND, the function set can be operated only with the operation rights of all of the plurality of role sets; when the association logic relationship is OR, the function set can be operated with only one of the operation rights of the parallel role sets; and when the association logic relationship is NOT, the function set can be operated with the operation rights of the role sets other than the designated role sets.
4. The method for modifying the role rights of the RBAC based on the file design according to claim 3, wherein the parallel role sets when the association logic relationship is OR and the designated role sets when the association logic relationship is NOT are each 1 role set or a combination of a plurality of role sets.
5. The method for modifying the role rights of the RBAC based on the file design according to claim 2, wherein the step S3 specifically comprises the following steps:
S301, matching the role set corresponding to the currently accessing role according to the existing analysis result in the memory module;
S302, matching all corresponding function sets according to the role set;
S303, acquiring the rights corresponding to all the function sets, and acquiring corresponding data according to the rights.
6. The method for modifying the role rights of the RBAC based on the file design according to claim 3, wherein the step S3 specifically comprises the following steps:
S311, matching the role set corresponding to the currently accessing role according to the existing analysis result in the memory module;
S312, matching all corresponding function sets according to the role set;
S313, traversing the association logic relationships between all the function sets and the role sets, and selecting the function sets that are able to operate as the output function sets;
S314, acquiring the rights corresponding to the output function sets, and acquiring corresponding data according to the rights.
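An added example, not part of the patent text: the reload check of step S2 and the AND/OR/NOT evaluation of steps S311 to S314 in Python. The JSON layout, the names `SAMPLE` and `FilePolicy`, the use of one policy file plus a recorded mtime in place of the dynamic/static file pair, and the choice to deny roles that belong to no role set are all assumptions of this example.

```python
import json
import os

# Constructed sample policy (hypothetical names, not from the patent).
SAMPLE = {
    "role_sets": {"finance": ["alice", "bob"], "audit": ["bob"], "intern": ["carol"]},
    "function_sets": {
        "approve_payment": {"logic": "AND", "role_sets": ["finance", "audit"]},
        "view_ledger": {"logic": "OR", "role_sets": ["finance", "audit"]},
        "view_wiki": {"logic": "NOT", "role_sets": ["audit"]},
    },
}

class FilePolicy:
    """Role/function-set policy re-parsed only when the file's mtime changes."""

    def __init__(self, path):
        self.path, self.recorded_mtime, self.policy = path, None, None

    def _refresh(self):
        # S2: compare the file's modification time with the recorded one.
        mtime = os.stat(self.path).st_mtime_ns
        if mtime != self.recorded_mtime:
            with open(self.path, encoding="utf-8") as fh:
                self.policy = json.load(fh)
            self.recorded_mtime = mtime

    def allowed_functions(self, role):
        self._refresh()
        # S311: role sets containing the accessing role.
        mine = {n for n, m in self.policy["role_sets"].items() if role in m}
        if not mine:
            return []  # unknown role: deny, so NOT rules never admit strangers
        allowed = []
        for name, rule in self.policy["function_sets"].items():  # S312/S313
            need = set(rule.get("role_sets", []))
            logic = rule.get("logic")
            if not need:
                ok = False  # a function set must name at least 1 role set
            elif logic == "AND":
                ok = need <= mine
            elif logic == "OR":
                ok = bool(need & mine)
            elif logic == "NOT":
                ok = not (need & mine)
            else:
                ok = False  # unrecognised operator: fail closed
            if ok:
                allowed.append(name)
        return sorted(allowed)  # S314: rights come from these function sets
```

A writer that edits the policy file in place can leave it half-written when a request triggers the reload; writing to a temporary file and swapping it in with `os.replace` avoids that, and a failed parse here leaves the recorded mtime unchanged so the next access retries.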
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311563742.0A CN117272397B (en) | 2023-11-22 | 2023-11-22 | Role authority modification method of RBAC based on file design |
Publications (2)
Publication Number | Publication Date |
---|---|
CN117272397A (en) | 2023-12-22 |
CN117272397B (en) | 2024-04-16 |
Family
ID=89203089
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||