CN118051936A

CN118051936A - Control method and device of access authority of intelligent system, electronic equipment and medium

Info

Publication number: CN118051936A
Application number: CN202410368792.1A
Authority: CN
Inventors: 桑智伟; 黄忠明; 徐刚; 朱平; 俞静; 王嘉寅; 高海东; 郝德锋; 王林; 王明坤
Original assignee: Xian Thermal Power Research Institute Co Ltd; Shanghai Shidongkou First Power Plant of Huaneng Power International Inc
Current assignee: Xian Thermal Power Research Institute Co Ltd; Shanghai Shidongkou First Power Plant of Huaneng Power International Inc
Priority date: 2024-03-28
Filing date: 2024-03-28
Publication date: 2024-05-17

Abstract

The invention relates to a control method, a device, electronic equipment and a medium of an intelligent system access right; wherein the method comprises the following steps: receiving an access request of first user equipment; responding to an access request of first user equipment, and acquiring an access attribute of the first user equipment, wherein the access attribute is used for describing a corresponding relation between an access person and an intelligent system, and the corresponding relation is external correspondence or internal correspondence; and controlling the access right of the first user equipment based on the access attribute of the first user equipment. The invention divides the authority of the access user of the intelligent system, and effectively avoids the problem that the security of the system resource is affected by the wrong access.

Description

Control method and device of access authority of intelligent system, electronic equipment and medium

Technical Field

The present invention relates to the field of computer technologies, and in particular, to a method, an apparatus, an electronic device, and a medium for controlling access rights of an intelligent system.

Background

The intelligent system (INTELLIGENCE SYSTEM) is a computer system capable of generating human intelligent behaviors, can run on a traditional computer in a self-organization and self-adaption mode, can run on a new generation computer in a self-organization and self-adaption mode, and achieves intelligent management.

In the related art, a system user can access, browse and download information in the intelligent system by logging in a personal account, however, in the prior art, the system user can access most content information in the intelligent system, so that the intelligent system has higher security.

Disclosure of Invention

In order to solve the technical problems, the invention provides a control method, a device, electronic equipment and a medium for access rights of an intelligent system.

In a first aspect, the present invention provides a method for controlling access rights of an intelligent system, including:

receiving an access request of first user equipment;

Responding to an access request of the first user equipment, and acquiring an access attribute of the first user equipment, wherein the access attribute is used for describing a corresponding relation between an access person and an intelligent system, and the corresponding relation is external correspondence or internal correspondence;

and controlling the access authority of the first user equipment based on the access attribute of the first user equipment.

Optionally, when the access attribute of the first user equipment is external access;

the controlling the access right of the first user equipment based on the access attribute of the first user equipment includes:

obtaining an access type corresponding to an access request of the first user equipment, wherein the access type comprises physical access and information access;

and controlling the access right of the first user equipment based on the access type corresponding to the access request of the first user equipment.

Optionally, the controlling the access right of the first user device based on the access type corresponding to the access request of the first user device includes:

When the access type is the physical access, controlling the access authority of the first user equipment to be a first level authority;

and determining the access data corresponding to the access request of the first user equipment as first-level data corresponding to the first-level authority.

When the access type is the information access, controlling the access authority of the first user equipment to be a second level authority;

And determining the access data corresponding to the access request of the first user equipment as second-level data corresponding to the second-level authority.

Optionally, the first class data includes machine room data.

Optionally, the second level data includes: information management system, host information, network device, and database information.

Optionally, when the access attribute of the first user equipment is internal access;

Acquiring a target access level of the first user equipment;

and controlling the access data corresponding to the access request of the first user equipment to be third grade data corresponding to the target access grade.

In a second aspect, the present invention provides a control device for access rights of an intelligent system, including:

The receiving module is used for receiving an access request of the first user equipment;

The access attribute is used for describing the corresponding relation between the access personnel and the intelligent system, and the corresponding relation is external correspondence or internal correspondence;

and the control module is used for controlling the access authority of the first user equipment based on the access attribute of the first user equipment.

the control module is specifically used for:

Optionally, the control module is specifically configured to:

Optionally, the first class data includes machine room data.

the control module is specifically used for:

Acquiring a target access level of the first user equipment;

In a third aspect, the present invention also provides an electronic device, including:

one or more processors;

Storage means for storing one or more programs,

When the one or more programs are executed by the one or more processors, the one or more processors implement the method for controlling access rights of an intelligent system according to any one of the embodiments of the present invention.

In a fourth aspect, the present invention further provides a computer readable storage medium, on which a computer program is stored, where the program when executed by a processor implements a method for controlling access rights of an intelligent system according to any one of the embodiments of the present invention.

In the embodiment of the invention, the access request of the first user equipment can be received; responding to an access request of first user equipment, and acquiring an access attribute of the first user equipment, wherein the access attribute is used for describing a corresponding relation between an access person and an intelligent system, and the corresponding relation is external correspondence or internal correspondence; and controlling the access right of the first user equipment based on the access attribute of the first user equipment. Therefore, the authority division is carried out on the access users of the intelligent system, and the problem that the security of system resources is affected by misoperation access is effectively avoided.

Drawings

Fig. 1 is a schematic flow chart of a method for controlling access rights of an intelligent system according to an embodiment of the present invention;

fig. 2 is a schematic structural diagram of a control device for access rights of an intelligent system according to an embodiment of the present invention;

fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.

Detailed Description

In order that the above objects, features and advantages of the invention will be more clearly understood, a further description of the invention will be made. It should be noted that, without conflict, the embodiments of the present invention and features in the embodiments may be combined with each other.

In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, but the present invention may be practiced otherwise than as described herein; it will be apparent that the embodiments in the specification are only some, but not all, embodiments of the invention.

Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs; the terminology used in the description of the applications herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention; the terms "comprising" and "having" and any variations thereof in the description and claims of the invention and in the description of the drawings are intended to cover a non-exclusive inclusion.

Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the invention. The appearances of the phrase "an embodiment" in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.

The term "and/or" is herein merely an association relationship describing an associated object, meaning that there may be three relationships, e.g., a and/or B, may represent: there are three cases, a, B, a and B simultaneously. In addition, the character "/" herein generally indicates that the front and rear associated objects are an "or" relationship.

Furthermore, the terms first, second and the like in the description and in the claims or in the above-described figures, are used for distinguishing between different objects and not for describing a particular sequential order, and may be used to improve one or more of these features either explicitly or implicitly.

In the description of the present invention, unless otherwise indicated, the meaning of "plurality" means two or more (including two), and similarly, "plural sets" means two or more (including two).

The invention provides a control method, a device, electronic equipment and a medium of intelligent system access authority, which can receive an access request of first user equipment; responding to an access request of first user equipment, and acquiring an access attribute of the first user equipment, wherein the access attribute is used for describing a corresponding relation between an access person and an intelligent system, and the corresponding relation is external correspondence or internal correspondence; and controlling the access right of the first user equipment based on the access attribute of the first user equipment. Therefore, the authority division is carried out on the access users of the intelligent system, and the problem that the security of system resources is affected by misoperation access is effectively avoided.

The control method of the intelligent system access authority of the invention can be executed by the electronic equipment or the client installed in the electronic equipment. The electronic device may be a controller, a tablet computer, a mobile phone, a wearable device, a vehicle-mounted device, an Augmented Reality (AR)/Virtual Reality (VR) device, a notebook computer, an ultra-mobile personal computer (UMPC), a netbook, a Personal Digital Assistant (PDA), a smart television, a display screen, a high definition television, a 4K television, a smart speaker, a smart projector, or the like, and the specific type of the electronic device is not limited in the present invention.

The invention is not limited to the type of the operating system of the electronic device. For example, an Android system, a Linux system, a Windows system, an iOS system, and the like.

In order to make the person skilled in the art better understand the solution of the present invention, the technical solution of the embodiment of the present invention will be clearly and completely described below with reference to the accompanying drawings.

See in particular fig. 1.

Fig. 1 is a flow chart of a method for controlling access rights of an intelligent system according to an embodiment of the present invention. The method of the embodiment can be executed by a control device of the access authority of the intelligent system, and the device can be realized in a hardware/software mode and can be configured in electronic equipment. The control method of the intelligent system access right in any embodiment of the invention can be realized. As shown in fig. 1, the method specifically includes the following steps:

s110, receiving an access request of first user equipment.

The first user equipment is electronic equipment on which a user of the intelligent system logs in the intelligent system, and the system user can log in the intelligent system through the first user equipment to access corresponding information resources.

The system user can initiate an access request of the first user equipment to the intelligent system through the first user equipment, and the access request of the first user equipment can comprise identification of resources/contents/information to be accessed, storage positions of the resources/contents/information to be accessed and access requirements. The access requirements may include browsing, downloading, etc., as the invention is not particularly limited in this regard.

S120, responding to an access request of the first user equipment, and acquiring an access attribute of the first user equipment.

The access attribute may be used to describe a correspondence between an accessing person and the intelligent system, where the correspondence is external correspondence or internal correspondence. That is, the access attribute of the first user device can be used to characterize the first user device's relationship to the intelligent system.

For example, when the access attribute of the first user equipment is internal access, it may indicate that the relationship between the first user equipment and the intelligent system is internal, that is, the first user equipment belongs to the internal access equipment of the intelligent system. When the access attribute of the first user equipment is external access, the relationship between the first user equipment and the intelligent system can be indicated to be external, that is, the first user equipment belongs to the external access equipment of the intelligent system.

S130, controlling the access authority of the first user equipment based on the access attribute of the first user equipment.

The access authority of the first user equipment can be controlled according to the access attribute of the first user equipment in the intelligent system, so that accessible resources/information/content of the first user equipment can be effectively controlled to know the access condition of the first user equipment.

In the invention, the access request of the first user equipment can be received; responding to an access request of first user equipment, and acquiring an access attribute of the first user equipment, wherein the access attribute is used for describing a corresponding relation between an access person and an intelligent system, and the corresponding relation is external correspondence or internal correspondence; and controlling the access right of the first user equipment based on the access attribute of the first user equipment. Therefore, the authority division is carried out on the access users of the intelligent system, and the problem that the security of system resources is affected by misoperation access is effectively avoided.

In some embodiments, when the access attribute of the first user device is external access; controlling access rights of the first user device based on access attributes of the first user device, including: the method comprises the steps of obtaining an access type corresponding to an access request of first user equipment, wherein the access type comprises physical access and information access; and controlling the access authority of the first user equipment based on the access type corresponding to the access request of the first user equipment. Therefore, the access authority of the first user equipment can be conveniently and effectively controlled based on different access types.

The method for controlling the access authority of the first user equipment based on the access type corresponding to the access request of the first user equipment comprises the following steps: when the access type is physical access, controlling the access authority of the first user equipment to be a first level authority; and determining the access data corresponding to the access request of the first user equipment as first-level data corresponding to the first-level authority. Therefore, when knowing that the first user equipment needs to access the resource corresponding to the first level authority, the data to be accessed of the first level authority corresponding to the first user equipment can be effectively determined.

The first class data includes machine room data, which is physical data of the machine room. In addition, the first class data may include office information, etc.

The method for controlling the access authority of the first user equipment based on the access type corresponding to the access request of the first user equipment comprises the following steps: when the access type is information access, controlling the access authority of the first user equipment to be a second-level authority; and determining the access data corresponding to the access request of the first user equipment as second-level data corresponding to the second-level authority. Therefore, when knowing that the first user equipment needs to access the resource corresponding to the second-level authority, the data to be accessed of the second-level authority corresponding to the first user equipment can be effectively determined.

The second level data may include, but is not limited to: information management system, host information, network device, and database information.

In other embodiments, when the access attribute of the first user device is internal access; controlling access rights of the first user device based on access attributes of the first user device, including: acquiring a target access level of first user equipment; and controlling the access data corresponding to the access request of the first user equipment to be the third grade data corresponding to the target access grade. Therefore, when the first user equipment is determined to belong to the internal access, the corresponding system data is correspondingly displayed to the first user equipment.

In addition, when the first user equipment belongs to external access equipment, the access personnel can be divided into temporary access external personnel and non-temporary access external personnel according to the access time and the access property, and the two types of the temporary access external personnel are specifically as follows:

Temporary visiting outsiders refer to outside organizations or individuals who visit temporarily due to business negotiations, visits, communications, providing short-term and infrequent technical support services.

Outside personnel who do not temporarily visit, refer to outside organizations or individuals who work and work due to working in collaborative development, participating in project engineering, providing technical support, after-sales services, service outsourcing or advisory services, and the like.

For the physical access and information access of two external personnel, namely temporary access and non-temporary access, different security management requirements are specified, the department responsible for reception and the person responsible for reception are responsible for the security of the access of the external personnel, and the system has a cautious attitude for accessing sensitive areas such as a machine room. Specific management requirements should include:

Various information security standards and management regulations are complied with. Signing a privacy agreement, signing a security commitment agreement, or specifying relevant content in a contract. The security configuration requirements for its maintenance objectives must be in accordance with the corresponding specifications in the security configuration standard documents of the corresponding network devices, hosts, operating systems, databases, general-purpose applications, etc. When applying access rights, security manager needs to verify the necessity and access mode of the application of access rights, and evaluate the security risk possibly brought by the manager, and take some measures to reduce the risk as much as possible. The application of the access rights is only approved if the risk is acceptable, and the superuser is not given rights as much as possible.

Fig. 2 is a schematic structural diagram of a control device for access rights of an intelligent system according to an embodiment of the present invention; the device is configured in the electronic equipment, and can realize the control method of the access right of the intelligent system according to any embodiment of the invention. The device specifically comprises the following steps:

the receiving module 210 is configured to receive an access request of the first user equipment.

The obtaining module 220 is configured to obtain, in response to an access request of the first user equipment, an access attribute of the first user equipment, where the access attribute is used to describe a correspondence between an accessing person and an intelligent system, and the correspondence is external correspondence or internal correspondence.

A control module 230, configured to control access rights of the first user device based on the access attribute of the first user device.

In this embodiment, optionally, when the access attribute of the first user device is external access.

The control module 230 is specifically configured to:

Obtaining an access type corresponding to an access request of the first user equipment, wherein the access type comprises physical access and information access; and controlling the access right of the first user equipment based on the access type corresponding to the access request of the first user equipment.

In this embodiment, optionally, the control module 230 is specifically configured to:

When the access type is the physical access, controlling the access authority of the first user equipment to be a first level authority; and determining the access data corresponding to the access request of the first user equipment as first-level data corresponding to the first-level authority.

When the access type is the information access, controlling the access authority of the first user equipment to be a second level authority; and determining the access data corresponding to the access request of the first user equipment as second-level data corresponding to the second-level authority.

In this embodiment, optionally, the first class data includes machine room data.

In this embodiment, optionally, the second level data includes: information management system, host information, network device, and database information.

In this embodiment, optionally, when the access attribute of the first user equipment is internal access.

The control module 230 is specifically configured to:

Acquiring a target access level of the first user equipment; and controlling the access data corresponding to the access request of the first user equipment to be third grade data corresponding to the target access grade.

The access request of the first user equipment can be received through the control device of the intelligent system access authority of the embodiment of the invention; responding to an access request of first user equipment, and acquiring an access attribute of the first user equipment, wherein the access attribute is used for describing a corresponding relation between an access person and an intelligent system, and the corresponding relation is external correspondence or internal correspondence; and controlling the access right of the first user equipment based on the access attribute of the first user equipment. Therefore, the authority division is carried out on the access users of the intelligent system, and the problem that the security of system resources is affected by misoperation access is effectively avoided.

The control device of the access right of the intelligent system provided by the embodiment of the invention can execute the control method of the access right of the intelligent system provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.

The embodiment of the invention also provides electronic equipment. Referring specifically to fig. 3, fig. 3 is a basic structural block diagram of the electronic device according to the present embodiment.

The electronic device includes a memory 310 and a processor 320 communicatively coupled to each other via a system bus. It should be noted that only the electronic device having components 310-320 is shown in the figures, but it should be understood that not all of the illustrated components are required to be implemented and that more or fewer components may be implemented instead. It will be understood by those skilled in the art that the electronic device herein is a device capable of automatically performing numerical calculation and/or information processing according to a preset or stored instruction, and its hardware includes, but is not limited to, a microprocessor, an Application SPECIFIC INTEGRATED Circuit (ASIC), a Programmable gate array (Field-Programmable GATE ARRAY, FPGA), a digital Processor (DIGITAL SIGNAL Processor, DSP), an embedded device, and the like.

The electronic device may be a computing device such as a desktop computer, a notebook computer, a palm computer, a cloud server, and the like. The electronic device can perform man-machine interaction with a user through a keyboard, a mouse, a remote controller, a touch pad or voice control equipment and the like.

The memory 310 includes at least one type of readable storage medium including non-volatile memory (non-volatile memory) or volatile memory, such as flash memory (flash memory), hard disk, multimedia card, card memory (e.g., SD or DX memory, etc.), random access memory (random access memory, RAM), read-only memory (ROM), erasable programmable read-only memory (erasable programmable read-only memory, EPROM), electrically erasable programmable read-only memory (ELECTRICALLY ERASABLE PROGRAMMABLE READ-only memory, EEPROM), programmable read-only memory (programmable read-only memory, PROM), magnetic memory, RAM, optical disk, etc., which may include static or dynamic. In some embodiments, the memory 310 may be an internal storage unit of the electronic device, such as a hard disk or a memory of the electronic device. In other embodiments, the memory 310 may also be an external storage device of an electronic device, such as a plug-in hard disk, a smart memory card (SMART MEDIA CARD, SMC), a Secure Digital (SD) card, or a flash memory card (FLASH CARD) or the like, which are provided on the electronic device. Of course, memory 310 may also include both internal storage units for electronic devices and external storage devices. In this embodiment, the memory 310 is typically used to store an operating system and various types of application software installed on the electronic device, such as program codes of the above-described methods. In addition, the memory 310 may also be used to temporarily store various types of data that have been output or are to be output.

The processor 320 is generally used to perform the overall operations of the electronic device. In this embodiment, the memory 310 is used for storing program codes or instructions, the program codes include computer operation instructions, and the processor 320 is used for executing the program codes or instructions stored in the memory 310 or processing data, such as the program codes for executing the above-mentioned method.

Herein, the bus may be an industry standard architecture (Industry Standard Architecture, ISA) bus, a peripheral component interconnect (PERIPHERAL COMPONENT INTERCONNECT, PCI) bus, or an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus, among others. The bus system may be classified as an address bus, a data bus, a control bus, etc. For ease of illustration, the figures are shown with only one bold line, but not with only one bus or one type of bus.

Still another embodiment of the present invention provides a computer-readable medium, which may be a computer-readable signal medium or a computer-readable medium. A processor in a computer reads computer readable program code stored in a computer readable medium, such that the processor is capable of performing the functional actions specified in each step or combination of steps in the above-described method; a means for generating a functional action specified in each block of the block diagram or a combination of blocks.

The computer readable medium includes, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared memory or semiconductor system, apparatus or device, or any suitable combination of the foregoing, the memory storing program code or instructions, the program code including computer operating instructions, and the processor executing the program code or instructions of the above-described methods stored by the memory.

The definition of the memory and the processor may refer to the description of the foregoing electronic device embodiments, and will not be repeated here.

In the several embodiments provided by the present invention, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of modules or units is merely a logical functional division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.

The functional units or modules in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.

The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied essentially or in part or all or part of the technical solution contributing to the prior art, or in the form of a software product stored in a storage medium, comprising several instructions for causing an electronic device (which may be a personal computer, a server, or a network device, etc.) or a processor (processor) to perform all or part of the steps of the methods of the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.

Yet another embodiment of the invention also provides a computer program product for causing a computer to perform the method of the previous embodiment when the computer program product is run on the computer.

In the above-described embodiments, all or part of the functions may be implemented by software, hardware, or a combination of software and hardware. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions in accordance with embodiments of the present invention are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium. Computer readable storage media can be any available media that can be accessed by a computer or data storage devices, such as servers, data centers, etc., that contain an integration of one or more available media. Usable media may be magnetic media (e.g., floppy disks, hard disks, magnetic tape), optical media (e.g., DVD), or semiconductor media (e.g., solid State Disk (SSD)) or the like.

It should be noted that in this document, relational terms such as "first" and "second" and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps other than those listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of first, second, third, etc. does not denote any order, and the words are to be interpreted as names. The steps in the above embodiments should not be construed as limiting the order of execution unless specifically stated.

The above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims

1. The control method of the access right of the intelligent system is characterized by comprising the following steps:

receiving an access request of first user equipment;

2. The method according to claim 1, wherein when the access attribute of the first user device is external access;

3. The method according to claim 2, wherein said controlling the access rights of the first user device based on the access type corresponding to the access request of the first user device comprises:

4. The method according to claim 2, wherein said controlling the access rights of the first user device based on the access type corresponding to the access request of the first user device comprises:

5. A method according to claim 3, wherein the first class data comprises machine room data.

6. The method of claim 4, wherein the second level data comprises: information management system, host information, network device, and database information.

7. The method according to claim 1, wherein when the access attribute of the first user device is internal access;

Acquiring a target access level of the first user equipment;

8. An intelligent system access right control device is characterized by comprising:

9. An electronic device, comprising:

one or more processors;

Storage means for storing one or more programs,

When the one or more programs are executed by the one or more processors, the one or more processors implement the method for controlling access rights of an intelligent system according to any one of claims 1 to 7.

10. A computer-readable storage medium, on which a computer program is stored, characterized in that the program, when executed by a processor, implements a method for controlling access rights of an intelligent system according to any one of claims 1 to 7.