CN1291321C - Method for dynamic appointed network accessing authority - Google Patents
Method for dynamic appointed network accessing authority Download PDFInfo
- Publication number
- CN1291321C CN1291321C CN 03154372 CN03154372A CN1291321C CN 1291321 C CN1291321 C CN 1291321C CN 03154372 CN03154372 CN 03154372 CN 03154372 A CN03154372 A CN 03154372A CN 1291321 C CN1291321 C CN 1291321C
- Authority
- CN
- China
- Prior art keywords
- access
- dynamic
- request
- access right
- instruction
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Storage Device Security (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The present invention relates to a method for dynamically granting network access authority. The present invention comprises the steps that an alien authority parameter table is defined according to request access instructions to be accessed in a network environment; corresponding weighting parameter values are designated according to the authority parameter table, and the total weighted sums of all the access procedures are listed through a sequence mechanism; the execution of the access procedures is controlled according to list contents.
Description
Technical field
The present invention relates to a kind of method of specified network access right, particularly a kind of increase and decrease, the method for the dynamic specified network access right of distributing system resource along with the access program number.
Background technology
Storage server (storage server) is an access space public on the network environment, it is widely used in LAN (LAN) or internet (Internet), provide a plurality of end hosts or user's account number to carry out the access of data, yet also because the convenience of this access mechanism, cause the thing of many public weapon privates to take place, generally speaking, use the data of storage server access to be principle with the public affair associated documents, right in enterprise or possess under the corporation of scale, be difficult for for fear of managerial, often flow unavoidably on the way in individual's abuse, mp3 file for example, game file, to such an extent as to private picture private digital audio-video file etc., if certain employee is badly in need of carrying out an access program to finish certain assign task, often because the access control of storage server is listed as digital audio/video file of the positive access of nameless network user in (Access Control List), its huge data volume tends to cause delaying of access program, cause on the efficient and managerial defective, on the other hand, also, directly cause system resource waste because the storage server memory headroom piles with the digital document of some non-official characters.
At this problem, a kind of method of rights management is proposed for No. 486629 at Taiwan patented claim Announcement Number, definition allows specific people's list of access particular data in database, and utilize the notion of weight, some user of service's weight is improved, to accomplish the duty of layer-management, do not allow online user can touch its file, it not only wants the user to list in the file management list, obtain higher-rights to carry out the access of data by certain mechanism or authentication again, although perhaps can be apt to the target of reason for the team of enterprise of little individuality, yet for user of service's access procedure in many ways in large enterprises' body, its not detailed exposure authority is granted mechanism, and when acquisition system resource in many ways, also there is not a Corresponding Countermeasures, in the time of will causing user's access in many ways, there is a side when being badly in need of carrying out, can't be able to the elasticity distributing system resource in the future, perhaps has a side when access, to take place because of the unreasonable thing that weight is forced to interrupt inadequately.
Summary of the invention
The objective of the invention is to overcome the deficiencies in the prior art and defective, effectively avoid the thing of public weapon private to take place, and at the access control row of access in many ways, under the prerequisite of other access program of forced interruption not, system resource is done effective distribution.
For reaching above-mentioned purpose, the present invention proposes a kind of method of dynamic specified network access right, content according to the request access instruction, to send the source at access target, instruction, to instruct transmitting time to obtain corresponding rights parameters respectively, and then summation generation access right tabulation every according to rights parameters, system is again according to access right tabulation, according to the adding of new access program each time and finish access program from moving back, distributing system resource dynamically.
By the present invention, can do the standard of tactic by self-defining rights parameters table, effectively allow desire public weapon private person beat a retreat in the face of difficulties, and in the process of carrying out data access in many ways, under the prerequisite of forced interruption either party access action not, allow the access procedure of multi-user's network environment rationalize more, to improve the efficient of corporate operation.
Description of drawings
Fig. 1 is the network environment synoptic diagram of institute of the present invention construction;
Fig. 2 discloses the method flow diagram of dynamic specified network access right for the present invention;
Fig. 3 is the flow chart of steps of ordering mechanism;
Fig. 4 is embodiments of the invention.
Symbol description among the figure
10,20,30 end hosts
70 former access right tabulations
Access right tabulation after 80 renewals
100 storage servers
Step 200 is set up a different above rights parameters table in storage server
Step 300 receives from end host one request access instruction
Step 400 is according to this rights parameters table and should ask access instruction, utilizes an ordering mechanism to produce access right tabulation
Step 500 is according to this access right tabulation distributing system resource and carry out access
Embodiment
Describe the specific embodiment of the present invention in detail below in conjunction with drawings and Examples.
Please refer to Fig. 1, the network environment synoptic diagram of institute of the present invention construction is described.
In many ways end host 10,20,30 is set up the circulation of network on-line in order to data by internet (Internet) or LAN (LAN) with storage server (Storage server) 100, its each user has the network account number of passing through, and each main frame all possesses its network address, to upload the access behavior of download with storage server 100.
Please refer to Fig. 2, illustrate that the present invention discloses the method flow diagram of dynamic specified network access right.
It is present in user's end host 10 in many ways, 20 have carried out the action of access in the access control row of storage server 100, when end main frame 30 desires of not carrying out access send the request access information to storage server 100, system can carry out dynamic specified network access right according to the disclosed method of the present invention, at first set up a different above rights parameters table (step 200) in storage server, spirit of the present invention is desired the access target at an access program, the transmission source of request access instruction and the transmitting time of request instruction, definition one cover balance standard, phase, directly corresponding to handling the override person, that is the system resource that gives maximum allocation proportions assisted to finish its task with balance rights parameters summation soprano; Its rights parameters table possesses two fields basically, target for institute's desire definition, as access target, the transmission source of request access instruction and the transmitting time of request instruction, another hurdle then publishes corresponding weighting parameters, and its weighting parameters can be looked the definition of being sorted of each type demand.
Access instruction (step 300) accepts request, when end host 10,20, when 30 user desires to carry out access program, can send a request access instruction earlier, to wait for the answer of storage server 100, the content of its instruction includes the storage target, the request access instruction sends the source, request access instruction transmitting time, wherein, storing target can be subdivided into according to file type, the file size size, estimating access time etc. is used as the reference that authority is adjusted, for example the .PDF shelves are established the highest weighting parameters, .DOC be inferior high, the rest may be inferred, the standard of its setting and file type can be stipulated according to the inner promulgation of each enterprise, to allow the disposal of public affair obtain the highest processing authority, consider that in addition file transfer capacious influences the network quality, also delay all the other users' access action indirectly, so also can set the lower weighting parameters of file correspondence of larger capacity, this arrangement allows the mission requirements that can finish very soon solve in advance, in process, keep the quality of network good then, can effectively avoid some very important urgent small documents in scheduling, to delay, cause the loss on the timeliness.
In addition, request access instruction source also is the emphasis of considering, because the grade classification of company, naturally the weight of handling thing improves its importance and value layer by layer according to position, if in a team of enterprise, in many ways in the control of the access tabulation, can't obtain higher-rights than high office person, in obtaining the process of significant data, then everything will be entangled in the running of team, certainly will can't make quick and exhaustive decision, hinder the development of company indirectly, so, the present invention also makes user's position the branch of grade, give different weighting parameters, it can be according to user's network account (ID) criterion as position identification, and perhaps the computer Recognition network address (IP) that can refer to according to position is as the feature of identification.
According to rights parameters table and request access instruction, utilize ordering mechanism to produce access right tabulation (step 400), content according to the request access instruction, be inserted in one by one in the rights parameters table, each request access instruction is used as the statistics foundation of weighting parameters by a plurality of rights parameters tables, in utilizing ordering mechanism to produce the access right tabulation at last, please refer to Fig. 3, wherein the steps flow chart of ordering mechanism comprises the following step, at first read the request access instruction, and according to the request access instruction, obtain corresponding to the weighting parameters (step 410) of rights parameters table respectively, that is after analysis request access instruction content, according to each predefined target, obtain its corresponding weighting parameters, weighting parameters at each request access instruction adds up (step 420) then, calculate the summation of pairing each its weighting parameters of target of this request access instruction, that is the program by an addition, all are belonged to ask the weighting parameters of access instruction to add up, to obtain an authority credentials, again according to the summation of weighting parameters, upgrade access right tabulation (step 430), its access right tabulation includes at least three fields, one is authority credentials, it also is the totalling of weighting parameters, another is the access program title, also discern for the representative of request access instruction, one is the system resource allocation ratio, wherein, the access right tabulation adds for new access program is arranged each time, perhaps finish access program and in moving back, can upgrade its access program title according to this, the totalling of weighting parameters and system resource allocation ratio, this is the dynamic characteristic specified of the present invention place.
According to access right tabulation distributing system resource and execution access (step 500), in the access right tabulation, the access program of clear expression authority credentials size, system can make distribution according to the authority credentials of this access program, the disclosed distribution principle of the present invention is according to the dynamic assignment ratio, just the authority credentials of all access program representatives is added up and be total authority credentials, then with the corresponding authority credentials of each access program divided by total authority credentials, can obtain a dynamic assignment ratio, then system again according to this dynamic assignment ratio with execution scheduling foundation as central processing unit (CPU), Program Synchronization is handled a plurality of access programs according to this, running in order to the finite element network frequency range, also and then reach can be according to the order of importance and emergency of the access incident principle as elasticity Adjustment System access scheduling, in addition, desire public weapon private person with regard to some, also can drag slowly by it being finished access efficiency, download as MP3 or audio/video file, allow it beat a retreat in the face of difficulties, and on the other hand, can also allow previous user not because authority credentials is forced to cut off access program not as good as the new entrant, to rationalize multi-user's network data access environment.
Below will steps flow chart of the present invention be described with an embodiment, please refer to Fig. 4, suppose to have a request access instruction to send, the target of its access is a text file (.DOC), request access instruction source is manager, desire the accessing file capacity less than 4MB, then pass through ordering mechanism, the gained authority credentials is 22, corresponding to program F, shown in access right tabulation 80, and before its instruction carries out, there has been program A, B, C, the execution access program of D and E, the disclosed dynamic appointment of the present invention, the program authority value according to newly coming in gives computing again, be updated to access right tabulation 80 by original access right tabulation 70, reach dynamic appointment demand of the present invention.
The above only is the present invention's preferred embodiment wherein, is not to be used for limiting practical range of the present invention; Be that all equalizations of being done according to claims scope of the present invention change and modification, be all claims of the present invention and contain.
Claims (9)
1. the method for a dynamic specified network access right is characterized in that, includes the following step:
Set up a plurality of different rights parameters tables in storage server, so that weighting parameters to be provided;
Reception is from the request access instruction of end host;
Read this request access instruction, and, obtain corresponding to this weighting parameters of each rights parameters table respectively according to this request access instruction;
This weighting parameters at each request access instruction is sued for peace;
Summation according to this weighting parameters sorts, and produces access right tabulation; And
According to this access right tabulation distributing system resource and execution access.
2. the dynamic method of specified network access right according to claim 1, wherein respectively this weighting parameters comprises that access target, request access instruction send source and request access instruction transmitting time.
3. as the method for dynamic specified network access right as described in the claim 2, wherein this access target comprises a file kenel and a file size.
4. as the method for dynamic specified network access right as described in the claim 3, wherein this access target more comprises one and estimates the file access time.
5. as the method for dynamic specified network access right as described in the claim 2, wherein this request access instruction sends the source and comprises a user's account number and an end host address.
6. as the method for dynamic specified network access right as described in the claim 2, wherein this request access instruction comprises this access target, this request access instruction sends the source.
7. as the method for dynamic specified network access right as described in the claim 6, wherein this request access instruction more comprises this request access instruction transmitting time.
8. the dynamic method of specified network access right according to claim 1, by a dynamic assignment proportional distribution system resource, wherein this dynamic assignment schedule of proportion is shown:
(a
1+a
2+a
3+...+a
n)/
(a
1+a
2+...+a
n+b
1+b
2+...+b
n+...+m
1+m
2+...m
n);
A, b ..., m: represent different request access instructions; And
1,2 ..., n: represent different classes of weighting parameters.
9. the dynamic method of specified network access right according to claim 1, wherein this access right tabulation comprises the title of this request access instruction, the summation and a system resource allocation ratio of this weighting parameters.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 03154372 CN1291321C (en) | 2003-08-20 | 2003-08-20 | Method for dynamic appointed network accessing authority |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 03154372 CN1291321C (en) | 2003-08-20 | 2003-08-20 | Method for dynamic appointed network accessing authority |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1584854A CN1584854A (en) | 2005-02-23 |
CN1291321C true CN1291321C (en) | 2006-12-20 |
Family
ID=34597972
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 03154372 Expired - Fee Related CN1291321C (en) | 2003-08-20 | 2003-08-20 | Method for dynamic appointed network accessing authority |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN1291321C (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8013346B2 (en) | 2000-12-21 | 2011-09-06 | Semiconductor Energy Laboratory Co., Ltd. | Light emitting device and method of manufacturing the same |
-
2003
- 2003-08-20 CN CN 03154372 patent/CN1291321C/en not_active Expired - Fee Related
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8013346B2 (en) | 2000-12-21 | 2011-09-06 | Semiconductor Energy Laboratory Co., Ltd. | Light emitting device and method of manufacturing the same |
Also Published As
Publication number | Publication date |
---|---|
CN1584854A (en) | 2005-02-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20120047509A1 (en) | Systems and Methods for Improving Performance of Computer Systems | |
AU6902300A (en) | Graceful distribution in application server load balancing | |
KR20070019519A (en) | Systems and methods for fine grained access control of data stored in relational databases | |
Neumann et al. | STACEE: Enhancing storage clouds using edge devices | |
US11243947B1 (en) | Handshake protocol to facilitate invocation of external table functions | |
US7290053B2 (en) | System and method for enforcing quotas on object creation in a replicated directory service database | |
US8671087B2 (en) | System, method and computer program product for scanning and indexing data for different purposes | |
US10063601B2 (en) | Client identification for enforcing computer resource quotas | |
US20170272541A1 (en) | Local enforcement of computer resource quotas | |
CN106055706A (en) | Cache resource storage method and device | |
CN1506848A (en) | Method and system for allocating storage in competitive service under distributed computing environment | |
US20060294598A1 (en) | Community instance access control in a collaborative system | |
Ashby | Extension's progress in the paperless revolution: Balancing digital and paper | |
CN1291321C (en) | Method for dynamic appointed network accessing authority | |
US7356712B2 (en) | Method of dynamically assigning network access priorities | |
Chen et al. | Fairness constraint efficiency optimization for multiresource allocation in a cluster system serving internet of things | |
CN101075889A (en) | Digital multi-medium interaction service gate system | |
CN110069319B (en) | Multi-target virtual machine scheduling method and system for cloud resource management | |
Sharma et al. | TOSDS: tenant-centric object-based software defined storage for multitenant saas applications | |
WO2022089321A1 (en) | Method and apparatus for scheduling access point, and server and storage medium | |
CN1187691C (en) | New method for veriying citizenship | |
CN111651436B (en) | Processing method, system and computing device for user-generated content | |
US10887381B1 (en) | Management of allocated computing resources in networked environment | |
US11233847B1 (en) | Management of allocated computing resources in networked environment | |
US20080172490A1 (en) | Data scanning system and method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C17 | Cessation of patent right | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20061220 Termination date: 20100820 |