CN1859166A - Method for controlling power of data management - Google Patents
Method for controlling power of data management Download PDFInfo
- Publication number
- CN1859166A CN1859166A CNA2005101008707A CN200510100870A CN1859166A CN 1859166 A CN1859166 A CN 1859166A CN A2005101008707 A CNA2005101008707 A CN A2005101008707A CN 200510100870 A CN200510100870 A CN 200510100870A CN 1859166 A CN1859166 A CN 1859166A
- Authority
- CN
- China
- Prior art keywords
- data
- single data
- user
- authority
- administration authority
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 19
- 238000013523 data management Methods 0.000 title claims abstract description 6
- 238000007726 management method Methods 0.000 claims abstract description 74
- 230000011664 signaling Effects 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/28—Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A method for controlling data management authority includes dividing data into radical data and non-radical data; wherein said radical data without quoting other data in increasing, non-radical data Requiring Quoting radical data or other non-radical data in increasing; network administration system configuring radical data administration authority for each user, in managing radical data, directly querying out user administration authority to said radical data to judge whether user can manage said radical data; in managing non-radical data, according to non-radical data querying relevant one or more of radical data and checking whether user possess of administration authority to these radical data to judge whether user can manage said non-radical data. Utilizing the present invention, network administrator only require configuring a few data administration authority to realize controlling other data administration authority, reducing configuring work load, at the same time capable of realizing unified management to relevant data administration authority, avoiding occurrence of collision or discordance.
Description
Technical field
The present invention relates to the network management technology field, relate in particular to a kind of method that control of authority is carried out in management to data.
Background technology
Network management system (or claiming webmaster) is the network apparatus management system in the communication network, if require NMS user only the data of some specified requirements to be managed, then this condition is called administration authority.In the webmaster of present telecommunications, particularly in the webmaster in NGN (next generation network) field, because flattening feature and the cross-region feature of NGN, require webmaster providing under the situation of centralized management, support administration authority, allow and only allow the relevant data of management local domain so that be distributed in the NMS user of different regions by different regions dividing data.
In the prior art, the webmaster method that control of authority is carried out in management to data is that each bar data all is numbered, and disposes the Serial Number Range of the manageable data of NMS user then.Network management system is controlled the administration authority of NMS user to certain bar data by checking the manageable data number of user.The shortcoming of this method is:
1, under the very many situations of data class, need all dispose the manageable data number scope of NMS user to each data to each user, workload is big.
Such as in the resource data configuration of Softswitch, can reach more than 200 kind of resource at most, if to each NMS user, all dispose its operable resource number scope, then will carry out 200 various configurations; And it is individual to have a lot of users' (being made as n) in the actual network management system, and these Serial Number Range configuration operations will carry out 200*n time like this.
2, under the situation of relevant relation between the data, appearance is inconsistent to the administration authority of related data configuration easily, causes the user that conflict or inconsistent is appearred in the administration authority of data.
Such as for office direction in the soft switch and route, when configuration, require first configuring office, according to office direction configuration route, office direction and route are associated data again.The office direction that requirement has authority to view when checking is consistent with route.If but the administration authority of configuration is inconsistent, the office direction that can check and the route that can check may occur can not corresponding fully situation.
Summary of the invention
Technical problem to be solved by this invention is: overcome the method configuration effort amount that existing webmaster carries out control of authority to data management big, be prone to the inconsistent shortcoming of the administration authority of related data configuration, a kind of method that control of authority is carried out in management to data is provided, reduce the configuration effort amount, and realization avoids occurring conflict or inconsistent to the unified management of relevant data management authority.
The present invention solves the problems of the technologies described above the technical scheme that is adopted to be:
This method that control of authority is carried out in management to data may further comprise the steps:
Network management system is divided into single data and non-single data with data, and single data is the data that do not need to quote other data when increasing these data; Non-single data is the data that require to quote single data or other non-single data when increasing these data;
Network management system, directly inquires the user administration authority of this single data is judged whether the user can manage this single data when the management single data for the administration authority that each user disposes single data; When the non-single data of management, inquire relevant one or more single data according to non-single data, and check whether the user has administration authority to these single data and judge whether the user can manage this non-single data.
Can set up a complete incidence relation figure for all data earlier, single data and non-single data all are nodes among the figure, then system as required from figure non-single data node to single data node searching reachable path, if any reachable path, then inquire corresponding one or more single data, and then according to the user whether these single data are had administration authority and judge whether the user can manage this non-single data according to non-single data.
When the single data that inquires according to non-single data judged whether the user can manage this non-single data, if inquire the YITIAOGEN data, and the user had administration authority to this single data, and then this user has administration authority to this non-single data, otherwise does not then have administration authority;
If inquire many related different types of single data according to non-single data, then the administration authority of this non-single data is judged by the logical algorithm to all or part of single data administration authority found.
Described logical algorithm comprise ask with, ask or, or ask and, ask or logical combination.
Described logical algorithm is built in the network management system, or is configured by the user in network management system.
When the user inquiring data, network management system is filtered according to administration authority, makes the user only inquire the data that oneself have administration authority, and can't inquire the data that do not have administration authority; Perhaps when the user inquiring data, can inquire all data, when carrying out the data change operation, check the administration authority of user to data to make the user only can operate the data that oneself have administration authority.
Network management system inquires the single data that the user can manage, single data with non-single data correspondence checks out again, both obtain a single data set after getting common factor, and corresponding non-single data and the single data of this single data set promptly is the data that network management system has administration authority.
When disposing the administration authority of single data for the user, after the user that network management system has a more senior authority logins network management system, in the safety management of network management system, inquire single data and each NMS user account number, be the administration authority of each NMS user account number configuration single data.
Network management system is after the operation requests that receives the user inquiring single data, and the user account number according to current operation user inquires the manageable single data of this user account number in the security system data storehouse of webmaster.
Beneficial effect of the present invention is: network management system of the present invention is divided into single data and non-single data with data, network management system disposes the administration authority of single data for each user, when the management single data, directly inquire the user administration authority of this single data is judged whether the user can manage this single data; When the non-single data of management, inquire relevant one or more single data according to non-single data, and check whether the user has administration authority to these single data and judge whether the user can manage this non-single data.Utilize the present invention, webmaster only need be configured by the administration authority to low volume data, can realize the administration authority of other data is controlled, and has reduced the configuration effort amount, can realize simultaneously unified management, avoid occurring conflict or inconsistent related data management authority.
Embodiment
According to embodiment the present invention is described in further detail below:
Network management system of the present invention need be understood the relation between the data, and summarizes several class data as single data, and the data of other classification are as non-single data.
So-called single data is meant when increasing these data, does not need to quote other data; So-called non-single data requires to quote single data or other non-single data exactly when increasing these data.
For example: in the data of soft switch, the record of a media gateway is the YITIAOGEN data, because do not need other data in the cited system when increasing these data; Article one, the record of No. seven trunk groups then is a non-single data, because need references media gateway record when increasing these data.
For example: office direction is a single data, because do not need to quote the data that other has been configured when increasing office direction; Route just is non-single data, because require to quote already added certain bar office direction data when increasing route.
Webmaster only need dispose the administration authority of single data for each user, the user who has more senior authority such as network management system is after the login network management system, in " safety management " of network management system, can inquire single data and other NMS user account number, the power user can for which single data is each NMS user account number dispose can be by this user management.
The user is when the management single data, and only need directly inquire the user can judge to the administration authority of this single data whether the user can manage this single data.Network management system is after the operation requests that receives the user inquiring single data, and the user account number according to current operation user inquires the manageable single data of this user account number in the security system data storehouse of webmaster.
The user is when the non-single data of management, need system to inquire relevant one or more single data (network management system self has a cover to inquire the algorithm of single data from non-single data) from non-single data automatically, and check whether the user has administration authority to these single data, system can judge whether non-single data has administration authority according to the administration authority of the single data of checking out.If inquire the YITIAOGEN data, and the user has administration authority to this single data, and then this user has administration authority to this non-single data, otherwise does not then have administration authority; If inquire many related different types of single data according to non-single data, then the administration authority of this non-single data can be judged by the logical algorithm to all or part of single data administration authority found.
When the user inquiring data, network management system can be filtered according to administration authority, makes the user only inquire the data that oneself have administration authority, and can't inquire the data that do not have administration authority; Also can not provide the query filter function, make the user can inquire all data, and only when carrying out the data change operation, reexamine the administration authority of data.When filtering according to administration authority, network management system inquires the single data that current account number can be managed, single data with non-single data correspondence checks out again, both obtain a single data set after getting common factor, and the corresponding non-single data of this single data set promptly is by the administration authority filtered data.
Inquiring relevant single data from non-single data may need to experience middle other non-single data of multilayer, and network management system need date back to till the single data always.Can set up a complete incidence relation figure for all data earlier, single data and non-single data all are nodes among the figure, then as required from figure non-single data node to single data node searching reachable path, if any reachable path, illustrate that then non-single data can date back to corresponding single data, thereby inquire one or more corresponding single data according to non-single data.
Such as the office direction data that are numbered 0,1 is single data, and being numbered 10 number of routes is non-single data, and has quoted and be numbered 0 office direction data; Being numbered 100 sub-route data is non-radical, and has quoted and be numbered 10 number of routes, then can set up an incidence relation figure in internal memory or other storage medium, and sub-route 100 is associated with route 10, and route 10 is associated with office direction 0; Whether when checking the user antithetical phrase route 100 has administration authority, needing has reachable path between sub-route 100 of search and office direction 0, the office direction 1.From last example, as can be known, between sub-route 100 and the office direction 0 reachable path is arranged, and and do not have reachable path between the office direction 1, illustrate that the administration authority of user's antithetical phrase route 100 depends on the administration authority of user to office direction 0, and irrelevant with office direction 1.
If related many inhomogeneous single data of non-single data, then the administration authority of these non-single data can be by judging the logical algorithm of all or part of single data administration authority.Article one, non-single data may related many different types of single data, such as trunk group in the soft switch, can the related existing media gateway data of single data, and the office direction data are also arranged.When requiring that many single data are had administration authority, the user could have administration authority to corresponding non-single data, then be called ask with.Logical algorithm comprises the logical combination of " ask with ", " ask or " or " ask with "/" ask or ".Can be associated with single data a, b, c such as a non-single data, logical combination can be (a has administration authority and b that manage is arranged) or (c has administration authority).
Suppose that the sub-route 100 that goes up in the example is numbered 0 office direction data except being associated with one, can also be associated with another is numbered 3 gateway data, one and is numbered 9 signalling point data, and logical algorithm requires: (the office direction data have authority and gateway data that authority is arranged) or (the signalling point data have authority), and user's antithetical phrase route 100 has administration authority when then satisfying following condition:
When 1, the user has administration authority simultaneously to office direction 0 and gateway 3;
When 2, the user has administration authority to signalling point data 9.
User's antithetical phrase route 100 no administration authorities during following condition
When 1, the user does not have administration authority to office direction 0 and signalling point 9;
When 2, the user does not have administration authority to gateway 3 and signalling point 9.
The realization of logical algorithm is built in the time of can realizing in system in the system and is immutable; Be not built in the system in the time of can realizing yet, when the actual use of system, be configured by the user in system; Built-in in the time of can also realizing in system, when the actual use of system, change by the user.
Utilize the present invention, in the network management system administration authority of non-single data is determined by the administration authority of inquiry associated root data, and do not needed directly to distribute by network management system.Webmaster only need be configured by the administration authority to low volume data, can realize the administration authority of other data is controlled, reduced the configuration effort amount, can realize unified management simultaneously, avoided occurring conflict or inconsistent the administration authority of related data.If non-single data relates to many single data, the present invention also supports the administration authority of many single data is carried out logical combination, and this logical combination both can be system's acquiescence automatically, also can be that the user is by system customization.
The scope of data is quite extensive in the network management system, except webmaster self produces data, introduce and the data that need to carry out rights management webmaster can be brought in the notion of data from other system, also can support this programme such as the alarm data that slave unit reports.All data can be divided into single data and non-single data, necessarily can find single data from non-single data, and non-single data is not necessarily arranged under the single data.
Those skilled in the art do not break away from essence of the present invention and spirit, can there be the various deformation scheme to realize the present invention, the above only is the preferable feasible embodiment of the present invention, be not so limit to interest field of the present invention, the equivalence that all utilizations description of the present invention is done changes, and all is contained within the interest field of the present invention.
Claims (10)
1, a kind of method that control of authority is carried out in management to data is characterized in that, may further comprise the steps:
Network management system is divided into single data and non-single data with data, and single data is the data that do not need to quote other data when increasing these data; Non-single data is the data that require to quote single data or other non-single data when increasing these data;
Network management system, directly inquires the user administration authority of this single data is judged whether the user can manage this single data when the management single data for the administration authority that each user disposes single data; When the non-single data of management, inquire relevant one or more single data according to non-single data, and check whether the user has administration authority to these single data and judge whether the user can manage this non-single data.
2, the method that control of authority is carried out in management to data according to claim 1, it is characterized in that: set up a complete incidence relation figure for all data earlier, single data and non-single data all are nodes among the figure, then as required from figure non-single data node to single data node searching reachable path, if any reachable path, then inquire corresponding one or more single data, and then according to the user whether these single data are had administration authority and judge whether the user can manage this non-single data according to non-single data.
3, the method that control of authority is carried out in management to data according to claim 1 and 2, it is characterized in that: when the single data that inquires according to non-single data judges whether the user can manage this non-single data, if inquire the YITIAOGEN data, and the user has administration authority to this single data, then this user has administration authority to this non-single data, otherwise does not then have administration authority;
4, the method that control of authority is carried out in management to data according to claim 3, it is characterized in that: if inquire many related different types of single data according to non-single data, then the administration authority of this non-single data is judged by the logical algorithm to all or part of single data administration authority found.
5, the method that control of authority is carried out in data management according to claim 4 is characterized in that: described logical algorithm comprise ask with, ask or, or ask and, ask or logical combination.
6, the method that control of authority is carried out in management to data according to claim 4, it is characterized in that: described logical algorithm is built in the network management system, or is configured by the user in network management system.
7, the method that control of authority is carried out in management to data according to claim 4, it is characterized in that: when the user inquiring data, network management system is filtered according to administration authority, makes the user only inquire the data that oneself have administration authority, can't inquire the data that do not have administration authority; Perhaps when the user inquiring data, can inquire all data, when carrying out the data change operation, check the administration authority of user to data to make the user only can operate the data that oneself have administration authority.
8, the method that control of authority is carried out in management to data according to claim 7, it is characterized in that: network management system inquires the single data that the user can manage, single data with non-single data correspondence checks out again, both obtain a single data set after getting common factor, corresponding non-single data and the single data of this single data set promptly is the data that network management system has administration authority.
9, the method that control of authority is carried out in management to data according to claim 3, it is characterized in that: when disposing the administration authority of single data for the user, after the user that network management system has a more senior authority logins network management system, in the safety management of network management system, inquire single data and each NMS user account number, be the administration authority of each NMS user account number configuration single data.
10, the method that control of authority is carried out in management to data according to claim 9, it is characterized in that: network management system is after the operation requests that receives the user inquiring single data, user account number according to current operation user inquires the manageable single data of this user account number in the security system data storehouse of webmaster.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005101008707A CN100459519C (en) | 2005-10-28 | 2005-10-28 | Method for controlling power of data management |
| PCT/CN2006/002714 WO2007048320A1 (en) | 2005-10-28 | 2006-10-16 | Method and web managing system for controlling authority of data management |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005101008707A CN100459519C (en) | 2005-10-28 | 2005-10-28 | Method for controlling power of data management |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1859166A true CN1859166A (en) | 2006-11-08 |
| CN100459519C CN100459519C (en) | 2009-02-04 |
Family
ID=37298033
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2005101008707A Expired - Fee Related CN100459519C (en) | 2005-10-28 | 2005-10-28 | Method for controlling power of data management |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN100459519C (en) |
| WO (1) | WO2007048320A1 (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101141763B (en) * | 2007-10-09 | 2010-06-02 | 中兴通讯股份有限公司 | Method and system of performing network element configuring authority management according to granularity of network element |
| CN101267343B (en) * | 2008-04-25 | 2011-01-05 | 中兴通讯股份有限公司 | A method for multiple clients to configure server network element data |
| CN101312396B (en) * | 2007-05-24 | 2011-01-19 | 中兴通讯股份有限公司 | Electronic workform management system and resource authority control method thereof |
| CN101571858B (en) * | 2008-04-28 | 2013-06-19 | 国际商业机器公司 | Method and device for setting and checking security of a plurality of objects |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1124725C (en) * | 2000-04-17 | 2003-10-15 | 中国普天信息产业集团公司 | Telephone exchange system and method based on internet protocol |
| CN1194502C (en) * | 2002-04-22 | 2005-03-23 | 华为技术有限公司 | System and method for managing access authority of network users |
| CN1235151C (en) * | 2002-11-02 | 2006-01-04 | 华为技术有限公司 | Method of control system safety management |
| CN100370737C (en) * | 2003-11-12 | 2008-02-20 | 鸿富锦精密工业(深圳)有限公司 | Managing system and method for user authority |
| CN100381964C (en) * | 2003-12-26 | 2008-04-16 | 华为技术有限公司 | A user right management method |
-
2005
- 2005-10-28 CN CNB2005101008707A patent/CN100459519C/en not_active Expired - Fee Related
-
2006
- 2006-10-16 WO PCT/CN2006/002714 patent/WO2007048320A1/en active Application Filing
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101312396B (en) * | 2007-05-24 | 2011-01-19 | 中兴通讯股份有限公司 | Electronic workform management system and resource authority control method thereof |
| CN101141763B (en) * | 2007-10-09 | 2010-06-02 | 中兴通讯股份有限公司 | Method and system of performing network element configuring authority management according to granularity of network element |
| CN101267343B (en) * | 2008-04-25 | 2011-01-05 | 中兴通讯股份有限公司 | A method for multiple clients to configure server network element data |
| CN101571858B (en) * | 2008-04-28 | 2013-06-19 | 国际商业机器公司 | Method and device for setting and checking security of a plurality of objects |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2007048320A1 (en) | 2007-05-03 |
| CN100459519C (en) | 2009-02-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3701741B1 (en) | Network slice management | |
| US8190561B1 (en) | LDAP replication priority queuing mechanism | |
| CN113596110B (en) | Cloud primary micro-service platform oriented to heterogeneous cloud | |
| CN1404260A (en) | Hierarchical management system for distributed network management platform | |
| WO2008011082A2 (en) | Management of telephone call routing using a directory services schema | |
| CN104365058A (en) | Systems and methods for caching SNMP data in multi-core and cluster systems | |
| US9071512B2 (en) | Methods, systems, and computer readable media for distributing diameter network management information | |
| CN103155524A (en) | Systems and methods for IIP address sharing across cores in a multi-core system | |
| CN104380660A (en) | Systems and methods for trap monitoring in multi-core and cluster systems | |
| EP2932693A1 (en) | Exchange of server status and client information through headers for request management and load balancing | |
| CN103838770A (en) | Logic data partition method and system | |
| CN111147528A (en) | Method for managing network security policy | |
| CN1859166A (en) | Method for controlling power of data management | |
| WO2018041101A1 (en) | Data query method and apparatus and data query processing method and apparatus | |
| US20190327138A1 (en) | System and method for network provisioning | |
| US20120173615A1 (en) | Data broker method, apparatus and system | |
| CN109981768A (en) | I/o multipath planning method and equipment in distributed network storage system | |
| EP2377046A1 (en) | Method in a database server | |
| CN1852263A (en) | Message access controlling method and a network apparatus | |
| CN110324253A (en) | Flow control methods, device, storage medium and electronic equipment | |
| EP2538612A1 (en) | Method and device for managing service | |
| EP1488363A2 (en) | Policy based system management | |
| CN102904739A (en) | Method for realizing event transmission and common information model (CIM) server | |
| CN108418857A (en) | A kind of Zookeeper group systems and attaching method thereof and device | |
| WO2005088905A1 (en) | A method for managing management information base in network managing system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20170920 Address after: 075000, No. 92, west section, Zhang Beizhen Yongtai street, Zhangjiakou County, Hebei, Zhangbei Patentee after: Lu Sumei Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen Patentee before: Huawei Technologies Co., Ltd. |
|
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20090204 Termination date: 20171028 |