CN1859166A - Method for controlling power of data management - Google Patents

Publication number
CN1859166A
Authority
CN
China
Prior art keywords
data
single data
user
authority
administration authority
Prior art date
Legal status
Granted
Application number
CNA2005101008707A
Other languages
Chinese (zh)
Other versions
CN100459519C (en)
Inventor
解宁
任宝刚
Current Assignee
Lu Sumei
Original Assignee
Huawei Technologies Co Ltd
Priority date
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CNB2005101008707A (patent CN100459519C)
Priority to PCT/CN2006/002714 (patent WO2007048320A1)
Publication of CN1859166A
Application granted
Publication of CN100459519C
Legal status: Expired - Fee Related
Anticipated expiration

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28: Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A method for controlling permissions on data management comprises dividing data into root data and non-root data, where root data does not need to reference other data when it is added, and non-root data must reference root data or other non-root data when it is added. The network management system configures management permissions on root data for each user. When root data is managed, the system directly queries the user's management permission on that root data to judge whether the user can manage it. When non-root data is managed, the system queries the one or more related root data items from the non-root data and checks whether the user has management permission on them, to judge whether the user can manage the non-root data. With the present invention, the network administrator only needs to configure management permissions on a small amount of data to control the management permissions on the other data, which reduces the configuration workload and at the same time allows unified management of the permissions on related data, avoiding conflicts and inconsistencies.

Description

Method for controlling permissions on data management
Technical field
The present invention relates to the field of network management technology, and in particular to a method for controlling permissions on data management.
Background
A network management system (NMS) is the system that manages network devices in a communication network. If an NMS user is required to manage only the data that meets certain specified conditions, those conditions are called management permissions. In current telecom NMSs, particularly in the NGN (next generation network) field, the flat and cross-region characteristics of NGN require the NMS, while providing centralized management, to support management permissions that partition data by region, so that NMS users located in different regions are allowed to manage the data of their own region and only that data.
In the prior art, the NMS controls permissions on data management by numbering every piece of data and then configuring the range of data numbers that each NMS user can manage. The NMS controls an NMS user's management permission on a given piece of data by checking the data numbers the user can manage. The shortcomings of this method are:
1. When there are very many kinds of data, the manageable number range has to be configured for every kind of data and for every user, which is a heavy workload.
For example, the resource data configuration of a softswitch can contain more than 200 kinds of resources at most. If the usable resource number range is configured for each NMS user, 200 different configurations are needed; and because a real NMS has many users (say n), these number-range configuration operations are carried out 200*n times.
2. When data items are related to one another, the management permissions configured for related data easily become inconsistent, so that a user's permissions on the data conflict or disagree.
For example, for office directions and routes in a softswitch, configuration requires the office direction to be configured first and the route to be configured on the basis of the office direction, so office directions and routes are associated data. When viewing, the office directions a user is permitted to view are required to be consistent with the routes. If the configured management permissions are inconsistent, the office directions the user can view and the routes the user can view may not correspond completely.
Summary of the invention
The technical problem to be solved by the present invention is to overcome the shortcomings of the existing NMS method of controlling permissions on data management, namely the heavy configuration workload and the tendency for permissions configured on related data to be inconsistent, and to provide a method for controlling permissions on data management that reduces the configuration workload and manages the permissions on related data in a unified way, avoiding conflicts and inconsistencies.
The technical solution adopted by the present invention to solve the above technical problem is as follows.
The method for controlling permissions on data management comprises the following steps:
The NMS divides data into root data and non-root data. Root data is data that does not need to reference other data when it is added; non-root data is data that must reference root data or other non-root data when it is added.
The NMS configures management permissions on root data for each user. When root data is managed, the NMS directly queries the user's management permission on that root data to judge whether the user can manage it. When non-root data is managed, the NMS queries the one or more related root data items from the non-root data and checks whether the user has management permission on those root data items, to judge whether the user can manage the non-root data.
A complete association graph can first be built for all data, in which root data and non-root data are all nodes. The system then searches the graph, as needed, for reachable paths from the non-root data node to root data nodes. If a reachable path exists, the corresponding one or more root data items are found from the non-root data, and whether the user can manage the non-root data is judged by whether the user has management permission on those root data items.
When judging from the root data found whether the user can manage the non-root data: if one root data item is found and the user has management permission on it, the user has management permission on the non-root data; otherwise the user does not.
If several associated root data items of different kinds are found from the non-root data, the management permission on the non-root data is decided by a logic algorithm applied to the management permissions on all or some of the root data items found.
The logic algorithm comprises AND, OR, or a logical combination of AND and OR.
The logic algorithm is built into the NMS, or is configured by the user in the NMS.
When a user queries data, the NMS filters by management permission, so that the user can query only the data on which the user has management permission and cannot query data on which the user has none; alternatively, the user can query all data, and the user's management permission on the data is checked when a data change operation is performed, so that the user can operate only on data on which the user has management permission.
The NMS queries the root data the user can manage, then finds the root data corresponding to the non-root data, and takes the intersection of the two to obtain a set of root data; the non-root data and root data corresponding to this set are the data with management permission in the NMS.
When management permissions on root data are configured for users, a user with a higher level of authority in the NMS logs in to the NMS, queries the root data and each NMS user account in the security management function of the NMS, and configures management permissions on root data for each NMS user account.
After receiving a user's request to query root data, the NMS looks up, in the NMS security system database, the root data that the current operating user's account can manage.
The beneficial effects of the present invention are as follows. The NMS divides data into root data and non-root data and configures management permissions on root data for each user. When root data is managed, the NMS directly queries the user's management permission on that root data to judge whether the user can manage it. When non-root data is managed, the NMS queries the one or more related root data items from the non-root data and checks whether the user has management permission on them, to judge whether the user can manage the non-root data. With the present invention, the NMS only needs management permissions to be configured on a small amount of data to control the management permissions on the other data, which reduces the configuration workload and at the same time allows unified management of the permissions on related data, avoiding conflicts and inconsistencies.
Embodiments
The present invention is described in further detail below with reference to embodiments.
The NMS of the present invention needs to understand the relationships between data, and designates several classes of data as root data and the data of the other classes as non-root data.
Root data is data that does not need to reference other data when it is added; non-root data is data that must reference root data or other non-root data when it is added.
For example, in softswitch data, a media gateway record is a root data item, because adding it does not require referencing other data in the system; a No. 7 trunk group record is non-root data, because adding it requires referencing a media gateway record.
As another example, an office direction is root data, because adding an office direction does not require referencing other data that has already been configured; a route is non-root data, because adding a route requires referencing an office direction that has already been added.
The NMS only needs to configure management permissions on root data for each user. For example, after a user with a higher level of authority in the NMS logs in, that user can query the root data and the other NMS user accounts under "Security management" in the NMS, and as a superuser can configure, for each NMS user account, which root data that user may manage.
When a user manages root data, the NMS only needs to query the user's management permission on that root data directly to judge whether the user can manage it. After receiving a user's request to query root data, the NMS looks up, in the NMS security system database, the root data that the current operating user's account can manage.
When a user manages non-root data, the system automatically finds the one or more related root data items from the non-root data (the NMS itself has an algorithm for finding root data from non-root data) and checks whether the user has management permission on those root data items; from the permissions found on the root data, the system judges whether the user has management permission on the non-root data. If one root data item is found and the user has management permission on it, the user has management permission on the non-root data; otherwise the user does not. If several associated root data items of different kinds are found from the non-root data, the management permission on the non-root data can be decided by a logic algorithm applied to the management permissions on all or some of the root data items found.
When a user queries data, the NMS can filter by management permission, so that the user can query only the data on which the user has management permission and cannot query data on which the user has none. Alternatively, the NMS can provide no query filtering, so that the user can query all data, and check the management permission on the data only when a data change operation is performed. When filtering by management permission, the NMS queries the root data the current account can manage, then finds the root data corresponding to the non-root data, and takes the intersection of the two to obtain a set of root data; the non-root data corresponding to this set is the data filtered by management permission.
Finding the related root data from non-root data may require passing through several intermediate layers of other non-root data, and the NMS must trace back until it reaches root data. A complete association graph can first be built for all data, in which root data and non-root data are all nodes. The graph is then searched, as needed, for reachable paths from the non-root data node to root data nodes. If a reachable path exists, the non-root data can be traced back to the corresponding root data, and the one or more corresponding root data items are thereby found from the non-root data.
For example, office direction data numbered 0 and 1 are root data; route data numbered 10 is non-root data and references office direction 0; sub-route data numbered 100 is non-root data and references route 10. An association graph can then be built in memory or in another storage medium, in which sub-route 100 is associated with route 10 and route 10 is associated with office direction 0. To check whether a user has management permission on sub-route 100, the system searches for reachable paths between sub-route 100 and office direction 0 and office direction 1. In this example there is a reachable path between sub-route 100 and office direction 0 and none between sub-route 100 and office direction 1, which shows that the user's management permission on sub-route 100 depends on the user's management permission on office direction 0 and has nothing to do with office direction 1.
If non-root data is associated with several root data items of different kinds, the management permission on the non-root data can be decided by a logic algorithm applied to the management permissions on all or some of those root data items. One non-root data item may be associated with several different kinds of root data; a trunk group in a softswitch, for example, can be associated with media gateway data as root data and also with office direction data. When the user must have management permission on several root data items in order to have management permission on the corresponding non-root data, this is called AND. The logic algorithm comprises "AND", "OR", or a logical combination of "AND" and "OR". For example, a non-root data item may be associated with root data a, b and c, and the logical combination may be (has management permission on a and has management permission on b) or (has management permission on c).
Suppose that sub-route 100 in the example above, besides being associated with the office direction data numbered 0, is also associated with gateway data numbered 3 and signalling point data numbered 9, and that the logic algorithm requires (permission on the office direction data and permission on the gateway data) or (permission on the signalling point data). The user then has management permission on sub-route 100 when either of the following conditions is met:
1. The user has management permission on both office direction 0 and gateway 3.
2. The user has management permission on signalling point data 9.
The user has no management permission on sub-route 100 under the following conditions:
1. The user has no management permission on office direction 0 and signalling point 9.
2. The user has no management permission on gateway 3 and signalling point 9.
The logic algorithm can be implemented in several ways: built into the system when the system is implemented and immutable; not built in when the system is implemented, and configured by the user when the system is actually used; or built in when the system is implemented and changed by the user when the system is actually used.
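The permission check of this embodiment, written out as an added example that is not part of the patent text: it traces non-root data back to root data through the association graph, applies a configurable AND/OR rule, and filters queries by the result. The record numbers come from the example above; the record layout, the nested-tuple policy format, the function names, the direct references given to sub-route 100, and the fallback that requires every reachable root when no rule is configured are assumptions.

```python
from collections import deque

# Constructed sample records mirroring the embodiment: (kind, number) -> records
# referenced when the record was added. A record with no references is root data.
REFS = {
    ("office_direction", 0): [],
    ("office_direction", 1): [],
    ("gateway", 3): [],
    ("signalling_point", 9): [],
    ("route", 10): [("office_direction", 0)],
    ("sub_route", 100): [("route", 10), ("gateway", 3), ("signalling_point", 9)],
}

# Hypothetical policy format: nested ("and"|"or", operand, ...) tuples whose
# leaves are root-data kinds. Kinds without an entry fall back to requiring
# every reachable root (an assumption of this example).
POLICIES = {
    "sub_route": ("or", ("and", "office_direction", "gateway"), "signalling_point"),
}


def reachable_roots(record, refs=REFS):
    """Trace a record back through intermediate non-root data to its root data."""
    roots, seen, queue = set(), {record}, deque([record])
    while queue:
        node = queue.popleft()
        parents = refs.get(node)
        if parents is None:
            # Unknown or dangling reference: the chain cannot be traced.
            raise KeyError(f"{node!r} is referenced but not defined")
        if not parents:
            roots.add(node)
        for parent in parents:
            if parent not in seen:       # the seen set also guards against cycles
                seen.add(parent)
                queue.append(parent)
    return roots


def _evaluate(expr, roots, granted):
    """Evaluate a policy expression against the user's granted root data."""
    if isinstance(expr, str):
        of_kind = {r for r in roots if r[0] == expr}
        # No root of this kind reachable -> the term is false (fail closed).
        return bool(of_kind) and of_kind <= granted
    op, *operands = expr
    results = [_evaluate(o, roots, granted) for o in operands]
    if op == "and":
        return all(results)
    if op == "or":
        return any(results)
    raise ValueError(f"unknown operator {op!r}")


def can_manage(granted, record, refs=REFS, policies=POLICIES):
    """Decide whether a user holding `granted` root data may manage `record`."""
    granted = set(granted)
    try:
        roots = reachable_roots(record, refs)
    except KeyError:
        return False                     # untraceable record: deny
    if not refs[record]:                 # root data: direct lookup
        return record in granted
    policy = policies.get(record[0])
    if policy is None:
        return bool(roots) and roots <= granted
    return _evaluate(policy, roots, granted)


def visible_records(granted, refs=REFS, policies=POLICIES):
    """Query filtering: return only the records the user may manage."""
    return sorted(r for r in refs if can_manage(granted, r, refs, policies))
```

Because permissions are stored only on root data, a reference that cannot be traced to a root, or a reference cycle that never reaches one, is treated here as a denial rather than as a grant.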
With the present invention, the management permission on non-root data in the NMS is determined by querying the management permissions on the associated root data, and does not need to be assigned directly by the NMS. The NMS only needs management permissions to be configured on a small amount of data to control the management permissions on the other data, which reduces the configuration workload and at the same time allows unified management of the permissions on related data, avoiding conflicts and inconsistencies. If non-root data involves several root data items, the present invention also supports a logical combination of the management permissions on those root data items; this logical combination can be the system's automatic default or can be customized by the user through the system.
The scope of data in an NMS is quite broad. Besides data produced by the NMS itself, data brought in from other systems that needs permission management can be included in the NMS's notion of data and is also supported by this scheme, for example alarm data reported by devices. All data can be divided into root data and non-root data; root data can always be found from non-root data, while root data does not necessarily have non-root data under it.
Those skilled in the art can implement the present invention in various modified forms without departing from its essence and spirit. The above is only a preferred feasible embodiment of the present invention and does not limit its scope of rights; all equivalent changes made using the description of the present invention fall within the scope of rights of the present invention.

Claims (10)

1. A method for controlling permissions on data management, characterized in that it comprises the following steps:
The network management system divides data into root data and non-root data, where root data is data that does not need to reference other data when it is added, and non-root data is data that must reference root data or other non-root data when it is added;
The network management system configures management permissions on root data for each user; when root data is managed, it directly queries the user's management permission on that root data to judge whether the user can manage it; when non-root data is managed, it queries the one or more related root data items from the non-root data and checks whether the user has management permission on those root data items, to judge whether the user can manage the non-root data.
2. The method for controlling permissions on data management according to claim 1, characterized in that: a complete association graph is first built for all data, in which root data and non-root data are all nodes; the graph is then searched, as needed, for reachable paths from the non-root data node to root data nodes; if a reachable path exists, the corresponding one or more root data items are found from the non-root data, and whether the user can manage the non-root data is judged by whether the user has management permission on those root data items.
3. The method for controlling permissions on data management according to claim 1 or 2, characterized in that: when judging from the root data found from the non-root data whether the user can manage the non-root data, if one root data item is found and the user has management permission on it, the user has management permission on the non-root data; otherwise the user does not.
4. The method for controlling permissions on data management according to claim 3, characterized in that: if several associated root data items of different kinds are found from the non-root data, the management permission on the non-root data is decided by a logic algorithm applied to the management permissions on all or some of the root data items found.
5. The method for controlling permissions on data management according to claim 4, characterized in that: the logic algorithm comprises AND, OR, or a logical combination of AND and OR.
6. The method for controlling permissions on data management according to claim 4, characterized in that: the logic algorithm is built into the network management system, or is configured by the user in the network management system.
7. The method for controlling permissions on data management according to claim 4, characterized in that: when a user queries data, the network management system filters by management permission, so that the user can query only the data on which the user has management permission and cannot query data on which the user has none; or, when a user queries data, the user can query all data, and the user's management permission on the data is checked when a data change operation is performed, so that the user can operate only on data on which the user has management permission.
8. The method for controlling permissions on data management according to claim 7, characterized in that: the network management system queries the root data the user can manage, then finds the root data corresponding to the non-root data, and takes the intersection of the two to obtain a set of root data; the non-root data and root data corresponding to this set are the data with management permission in the network management system.
9. The method for controlling permissions on data management according to claim 3, characterized in that: when management permissions on root data are configured for users, a user with a higher level of authority in the network management system logs in to the network management system, queries the root data and each NMS user account in the security management function of the network management system, and configures management permissions on root data for each NMS user account.
10. The method for controlling permissions on data management according to claim 9, characterized in that: after receiving a user's request to query root data, the network management system looks up, in the security system database of the network management system, the root data that the current operating user's account can manage.
CNB2005101008707A 2005-10-28 2005-10-28 Method for controlling power of data management Expired - Fee Related CN100459519C (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CNB2005101008707A CN100459519C (en) 2005-10-28 2005-10-28 Method for controlling power of data management
PCT/CN2006/002714 WO2007048320A1 (en) 2005-10-28 2006-10-16 Method and web managing system for controlling authority of data management

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2005101008707A CN100459519C (en) 2005-10-28 2005-10-28 Method for controlling power of data management

Publications (2)

Publication Number Publication Date
CN1859166A true CN1859166A (en) 2006-11-08
CN100459519C CN100459519C (en) 2009-02-04

Family

ID=37298033

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005101008707A Expired - Fee Related CN100459519C (en) 2005-10-28 2005-10-28 Method for controlling power of data management

Country Status (2)

Country Link
CN (1) CN100459519C (en)
WO (1) WO2007048320A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101141763B (en) * 2007-10-09 2010-06-02 中兴通讯股份有限公司 Method and system of performing network element configuring authority management according to granularity of network element
CN101267343B (en) * 2008-04-25 2011-01-05 中兴通讯股份有限公司 A method for multiple clients to configure server network element data
CN101312396B (en) * 2007-05-24 2011-01-19 中兴通讯股份有限公司 Electronic workform management system and resource authority control method thereof
CN101571858B (en) * 2008-04-28 2013-06-19 国际商业机器公司 Method and device for setting and checking security of a plurality of objects

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1124725C (en) * 2000-04-17 2003-10-15 中国普天信息产业集团公司 Telephone exchange system and method based on internet protocol
CN1194502C (en) * 2002-04-22 2005-03-23 华为技术有限公司 System and method for managing access authority of network users
CN1235151C (en) * 2002-11-02 2006-01-04 华为技术有限公司 Method of control system safety management
CN100370737C (en) * 2003-11-12 2008-02-20 鸿富锦精密工业(深圳)有限公司 Managing system and method for user authority
CN100381964C (en) * 2003-12-26 2008-04-16 华为技术有限公司 A user right management method

Also Published As

Publication number Publication date
CN100459519C (en) 2009-02-04
WO2007048320A1 (en) 2007-05-03

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20170920

Address after: 075000, No. 92, west section, Zhang Beizhen Yongtai street, Zhangjiakou County, Hebei, Zhangbei

Patentee after: Lu Sumei

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: Huawei Technologies Co., Ltd.

CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090204

Termination date: 20171028