CN1291321C - Method for dynamic appointed network accessing authority - Google Patents

Method for dynamic appointed network accessing authority Download PDF

Info

Publication number
CN1291321C
CN1291321C CN 03154372 CN03154372A CN1291321C CN 1291321 C CN1291321 C CN 1291321C CN 03154372 CN03154372 CN 03154372 CN 03154372 A CN03154372 A CN 03154372A CN 1291321 C CN1291321 C CN 1291321C
Authority
CN
China
Prior art keywords
access
dynamic
request
access right
instruction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 03154372
Other languages
Chinese (zh)
Other versions
CN1584854A (en
Inventor
陈志伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inventec Corp
Original Assignee
Inventec Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inventec Corp filed Critical Inventec Corp
Priority to CN 03154372 priority Critical patent/CN1291321C/en
Publication of CN1584854A publication Critical patent/CN1584854A/en
Application granted granted Critical
Publication of CN1291321C publication Critical patent/CN1291321C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Landscapes

  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present invention relates to a method for dynamically granting network access authority. The present invention comprises the steps that an alien authority parameter table is defined according to request access instructions to be accessed in a network environment; corresponding weighting parameter values are designated according to the authority parameter table, and the total weighted sums of all the access procedures are listed through a sequence mechanism; the execution of the access procedures is controlled according to list contents.

Description

The method of dynamic specified network access right
Technical field
The present invention relates to a kind of method of specified network access right, particularly a kind of increase and decrease, the method for the dynamic specified network access right of distributing system resource along with the access program number.
Background technology
Storage server (storage server) is an access space public on the network environment, it is widely used in LAN (LAN) or internet (Internet), provide a plurality of end hosts or user's account number to carry out the access of data, yet also because the convenience of this access mechanism, cause the thing of many public weapon privates to take place, generally speaking, use the data of storage server access to be principle with the public affair associated documents, right in enterprise or possess under the corporation of scale, be difficult for for fear of managerial, often flow unavoidably on the way in individual's abuse, mp3 file for example, game file, to such an extent as to private picture private digital audio-video file etc., if certain employee is badly in need of carrying out an access program to finish certain assign task, often because the access control of storage server is listed as digital audio/video file of the positive access of nameless network user in (Access Control List), its huge data volume tends to cause delaying of access program, cause on the efficient and managerial defective, on the other hand, also, directly cause system resource waste because the storage server memory headroom piles with the digital document of some non-official characters.
At this problem, a kind of method of rights management is proposed for No. 486629 at Taiwan patented claim Announcement Number, definition allows specific people's list of access particular data in database, and utilize the notion of weight, some user of service's weight is improved, to accomplish the duty of layer-management, do not allow online user can touch its file, it not only wants the user to list in the file management list, obtain higher-rights to carry out the access of data by certain mechanism or authentication again, although perhaps can be apt to the target of reason for the team of enterprise of little individuality, yet for user of service's access procedure in many ways in large enterprises' body, its not detailed exposure authority is granted mechanism, and when acquisition system resource in many ways, also there is not a Corresponding Countermeasures, in the time of will causing user's access in many ways, there is a side when being badly in need of carrying out, can't be able to the elasticity distributing system resource in the future, perhaps has a side when access, to take place because of the unreasonable thing that weight is forced to interrupt inadequately.
Summary of the invention
The objective of the invention is to overcome the deficiencies in the prior art and defective, effectively avoid the thing of public weapon private to take place, and at the access control row of access in many ways, under the prerequisite of other access program of forced interruption not, system resource is done effective distribution.
For reaching above-mentioned purpose, the present invention proposes a kind of method of dynamic specified network access right, content according to the request access instruction, to send the source at access target, instruction, to instruct transmitting time to obtain corresponding rights parameters respectively, and then summation generation access right tabulation every according to rights parameters, system is again according to access right tabulation, according to the adding of new access program each time and finish access program from moving back, distributing system resource dynamically.
By the present invention, can do the standard of tactic by self-defining rights parameters table, effectively allow desire public weapon private person beat a retreat in the face of difficulties, and in the process of carrying out data access in many ways, under the prerequisite of forced interruption either party access action not, allow the access procedure of multi-user's network environment rationalize more, to improve the efficient of corporate operation.
Description of drawings
Fig. 1 is the network environment synoptic diagram of institute of the present invention construction;
Fig. 2 discloses the method flow diagram of dynamic specified network access right for the present invention;
Fig. 3 is the flow chart of steps of ordering mechanism;
Fig. 4 is embodiments of the invention.
Symbol description among the figure
10,20,30 end hosts
70 former access right tabulations
Access right tabulation after 80 renewals
100 storage servers
Step 200 is set up a different above rights parameters table in storage server
Step 300 receives from end host one request access instruction
Step 400 is according to this rights parameters table and should ask access instruction, utilizes an ordering mechanism to produce access right tabulation
Step 410 reads this request access instruction, and according to this request access instruction, obtains corresponding to this weighting parameters of this rights parameters table respectively
Step 420 adds up at every this weighting parameters of this request access instruction
Step 430 is upgraded this access right tabulation according to the summation of this weighting parameters
Step 500 is according to this access right tabulation distributing system resource and carry out access
Embodiment
Describe the specific embodiment of the present invention in detail below in conjunction with drawings and Examples.
Please refer to Fig. 1, the network environment synoptic diagram of institute of the present invention construction is described.
In many ways end host 10,20,30 is set up the circulation of network on-line in order to data by internet (Internet) or LAN (LAN) with storage server (Storage server) 100, its each user has the network account number of passing through, and each main frame all possesses its network address, to upload the access behavior of download with storage server 100.
Please refer to Fig. 2, illustrate that the present invention discloses the method flow diagram of dynamic specified network access right.
It is present in user's end host 10 in many ways, 20 have carried out the action of access in the access control row of storage server 100, when end main frame 30 desires of not carrying out access send the request access information to storage server 100, system can carry out dynamic specified network access right according to the disclosed method of the present invention, at first set up a different above rights parameters table (step 200) in storage server, spirit of the present invention is desired the access target at an access program, the transmission source of request access instruction and the transmitting time of request instruction, definition one cover balance standard, phase, directly corresponding to handling the override person, that is the system resource that gives maximum allocation proportions assisted to finish its task with balance rights parameters summation soprano; Its rights parameters table possesses two fields basically, target for institute's desire definition, as access target, the transmission source of request access instruction and the transmitting time of request instruction, another hurdle then publishes corresponding weighting parameters, and its weighting parameters can be looked the definition of being sorted of each type demand.
Access instruction (step 300) accepts request, when end host 10,20, when 30 user desires to carry out access program, can send a request access instruction earlier, to wait for the answer of storage server 100, the content of its instruction includes the storage target, the request access instruction sends the source, request access instruction transmitting time, wherein, storing target can be subdivided into according to file type, the file size size, estimating access time etc. is used as the reference that authority is adjusted, for example the .PDF shelves are established the highest weighting parameters, .DOC be inferior high, the rest may be inferred, the standard of its setting and file type can be stipulated according to the inner promulgation of each enterprise, to allow the disposal of public affair obtain the highest processing authority, consider that in addition file transfer capacious influences the network quality, also delay all the other users' access action indirectly, so also can set the lower weighting parameters of file correspondence of larger capacity, this arrangement allows the mission requirements that can finish very soon solve in advance, in process, keep the quality of network good then, can effectively avoid some very important urgent small documents in scheduling, to delay, cause the loss on the timeliness.
In addition, request access instruction source also is the emphasis of considering, because the grade classification of company, naturally the weight of handling thing improves its importance and value layer by layer according to position, if in a team of enterprise, in many ways in the control of the access tabulation, can't obtain higher-rights than high office person, in obtaining the process of significant data, then everything will be entangled in the running of team, certainly will can't make quick and exhaustive decision, hinder the development of company indirectly, so, the present invention also makes user's position the branch of grade, give different weighting parameters, it can be according to user's network account (ID) criterion as position identification, and perhaps the computer Recognition network address (IP) that can refer to according to position is as the feature of identification.
According to rights parameters table and request access instruction, utilize ordering mechanism to produce access right tabulation (step 400), content according to the request access instruction, be inserted in one by one in the rights parameters table, each request access instruction is used as the statistics foundation of weighting parameters by a plurality of rights parameters tables, in utilizing ordering mechanism to produce the access right tabulation at last, please refer to Fig. 3, wherein the steps flow chart of ordering mechanism comprises the following step, at first read the request access instruction, and according to the request access instruction, obtain corresponding to the weighting parameters (step 410) of rights parameters table respectively, that is after analysis request access instruction content, according to each predefined target, obtain its corresponding weighting parameters, weighting parameters at each request access instruction adds up (step 420) then, calculate the summation of pairing each its weighting parameters of target of this request access instruction, that is the program by an addition, all are belonged to ask the weighting parameters of access instruction to add up, to obtain an authority credentials, again according to the summation of weighting parameters, upgrade access right tabulation (step 430), its access right tabulation includes at least three fields, one is authority credentials, it also is the totalling of weighting parameters, another is the access program title, also discern for the representative of request access instruction, one is the system resource allocation ratio, wherein, the access right tabulation adds for new access program is arranged each time, perhaps finish access program and in moving back, can upgrade its access program title according to this, the totalling of weighting parameters and system resource allocation ratio, this is the dynamic characteristic specified of the present invention place.
According to access right tabulation distributing system resource and execution access (step 500), in the access right tabulation, the access program of clear expression authority credentials size, system can make distribution according to the authority credentials of this access program, the disclosed distribution principle of the present invention is according to the dynamic assignment ratio, just the authority credentials of all access program representatives is added up and be total authority credentials, then with the corresponding authority credentials of each access program divided by total authority credentials, can obtain a dynamic assignment ratio, then system again according to this dynamic assignment ratio with execution scheduling foundation as central processing unit (CPU), Program Synchronization is handled a plurality of access programs according to this, running in order to the finite element network frequency range, also and then reach can be according to the order of importance and emergency of the access incident principle as elasticity Adjustment System access scheduling, in addition, desire public weapon private person with regard to some, also can drag slowly by it being finished access efficiency, download as MP3 or audio/video file, allow it beat a retreat in the face of difficulties, and on the other hand, can also allow previous user not because authority credentials is forced to cut off access program not as good as the new entrant, to rationalize multi-user's network data access environment.
Below will steps flow chart of the present invention be described with an embodiment, please refer to Fig. 4, suppose to have a request access instruction to send, the target of its access is a text file (.DOC), request access instruction source is manager, desire the accessing file capacity less than 4MB, then pass through ordering mechanism, the gained authority credentials is 22, corresponding to program F, shown in access right tabulation 80, and before its instruction carries out, there has been program A, B, C, the execution access program of D and E, the disclosed dynamic appointment of the present invention, the program authority value according to newly coming in gives computing again, be updated to access right tabulation 80 by original access right tabulation 70, reach dynamic appointment demand of the present invention.
The above only is the present invention's preferred embodiment wherein, is not to be used for limiting practical range of the present invention; Be that all equalizations of being done according to claims scope of the present invention change and modification, be all claims of the present invention and contain.

Claims (9)

1. the method for a dynamic specified network access right is characterized in that, includes the following step:
Set up a plurality of different rights parameters tables in storage server, so that weighting parameters to be provided;
Reception is from the request access instruction of end host;
Read this request access instruction, and, obtain corresponding to this weighting parameters of each rights parameters table respectively according to this request access instruction;
This weighting parameters at each request access instruction is sued for peace;
Summation according to this weighting parameters sorts, and produces access right tabulation; And
According to this access right tabulation distributing system resource and execution access.
2. the dynamic method of specified network access right according to claim 1, wherein respectively this weighting parameters comprises that access target, request access instruction send source and request access instruction transmitting time.
3. as the method for dynamic specified network access right as described in the claim 2, wherein this access target comprises a file kenel and a file size.
4. as the method for dynamic specified network access right as described in the claim 3, wherein this access target more comprises one and estimates the file access time.
5. as the method for dynamic specified network access right as described in the claim 2, wherein this request access instruction sends the source and comprises a user's account number and an end host address.
6. as the method for dynamic specified network access right as described in the claim 2, wherein this request access instruction comprises this access target, this request access instruction sends the source.
7. as the method for dynamic specified network access right as described in the claim 6, wherein this request access instruction more comprises this request access instruction transmitting time.
8. the dynamic method of specified network access right according to claim 1, by a dynamic assignment proportional distribution system resource, wherein this dynamic assignment schedule of proportion is shown:
(a 1+a 2+a 3+...+a n)/
(a 1+a 2+...+a n+b 1+b 2+...+b n+...+m 1+m 2+...m n);
A, b ..., m: represent different request access instructions; And
1,2 ..., n: represent different classes of weighting parameters.
9. the dynamic method of specified network access right according to claim 1, wherein this access right tabulation comprises the title of this request access instruction, the summation and a system resource allocation ratio of this weighting parameters.
CN 03154372 2003-08-20 2003-08-20 Method for dynamic appointed network accessing authority Expired - Fee Related CN1291321C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 03154372 CN1291321C (en) 2003-08-20 2003-08-20 Method for dynamic appointed network accessing authority

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 03154372 CN1291321C (en) 2003-08-20 2003-08-20 Method for dynamic appointed network accessing authority

Publications (2)

Publication Number Publication Date
CN1584854A CN1584854A (en) 2005-02-23
CN1291321C true CN1291321C (en) 2006-12-20

Family

ID=34597972

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 03154372 Expired - Fee Related CN1291321C (en) 2003-08-20 2003-08-20 Method for dynamic appointed network accessing authority

Country Status (1)

Country Link
CN (1) CN1291321C (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8013346B2 (en) 2000-12-21 2011-09-06 Semiconductor Energy Laboratory Co., Ltd. Light emitting device and method of manufacturing the same

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8013346B2 (en) 2000-12-21 2011-09-06 Semiconductor Energy Laboratory Co., Ltd. Light emitting device and method of manufacturing the same

Also Published As

Publication number Publication date
CN1584854A (en) 2005-02-23

Similar Documents

Publication Publication Date Title
US20120047509A1 (en) Systems and Methods for Improving Performance of Computer Systems
AU6902300A (en) Graceful distribution in application server load balancing
KR20070019519A (en) Systems and methods for fine grained access control of data stored in relational databases
Neumann et al. STACEE: Enhancing storage clouds using edge devices
US11243947B1 (en) Handshake protocol to facilitate invocation of external table functions
US7290053B2 (en) System and method for enforcing quotas on object creation in a replicated directory service database
US8671087B2 (en) System, method and computer program product for scanning and indexing data for different purposes
US10063601B2 (en) Client identification for enforcing computer resource quotas
US20170272541A1 (en) Local enforcement of computer resource quotas
CN106055706A (en) Cache resource storage method and device
CN1506848A (en) Method and system for allocating storage in competitive service under distributed computing environment
US20060294598A1 (en) Community instance access control in a collaborative system
Ashby Extension's progress in the paperless revolution: Balancing digital and paper
CN1291321C (en) Method for dynamic appointed network accessing authority
US7356712B2 (en) Method of dynamically assigning network access priorities
Chen et al. Fairness constraint efficiency optimization for multiresource allocation in a cluster system serving internet of things
CN101075889A (en) Digital multi-medium interaction service gate system
CN110069319B (en) Multi-target virtual machine scheduling method and system for cloud resource management
Sharma et al. TOSDS: tenant-centric object-based software defined storage for multitenant saas applications
WO2022089321A1 (en) Method and apparatus for scheduling access point, and server and storage medium
CN1187691C (en) New method for veriying citizenship
CN111651436B (en) Processing method, system and computing device for user-generated content
US10887381B1 (en) Management of allocated computing resources in networked environment
US11233847B1 (en) Management of allocated computing resources in networked environment
US20080172490A1 (en) Data scanning system and method thereof

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20061220

Termination date: 20100820