CN202856786U - System for authority management - Google Patents


Publication number
CN202856786U
Authority
CN
China
Prior art keywords
server
management server
role
management
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CN 201220553397
Other languages
Chinese (zh)
Inventor
夏磊
余国能
袁学群
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Xinghan Information Technology Ltd By Share Ltd
Original Assignee
ZHEJIANG STARSINO INFORMATION TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZHEJIANG STARSINO INFORMATION TECHNOLOGY Co Ltd
Priority to CN 201220553397
Application granted
Publication of CN202856786U
Anticipated expiration
Expired - Lifetime


Abstract

The utility model relates to information security technology, and in particular to a system for authority management. The system comprises a management server, an association server, an authority authentication server, a memory, a log storage device and an update server. Data in the management server generates association data through the association server, and the association data is stored in the memory; the authority authentication server authenticates users through the data in the association server; data in the management server is updated through the update server, and data changes are saved by the log storage device. The beneficial effects of the system are: first, users with the same authority are authorized uniformly, which reduces the administrator's authorization workload; second, role priority is set during role authorization, which solves the problem of mutually exclusive role authorization and adapts to the authorization requirements of different roles on different occasions; and third, control of functions is subdivided down to the button level, which separates users' access authority from their operating authority.

Description

A system for authority management
Technical field
The utility model relates to information security technology, and in particular to a system for authority management.
Background technology
In a web information system, most users share many identical authorities. If users are authorized one by one, the workload becomes huge and mistakes are easily made. The concept of the user group was introduced for this reason: once user groups exist, users with the same authorities or roles can be placed together and granted authorities uniformly. User groups can inherit from and contain one another, and different user groups have different authorities, so the administrator can manage user authorities dynamically.
However, some problems remain after user groups are introduced:
1. Role A has authority P, role B does not have authority P, and A and B are mutually exclusive; in the traditional RBAC model, a user cannot be assigned both roles A and B at the same time.
2. In the traditional RBAC model, authority is divided only down to the menu-item level when the administrator grants authorities to a user, so the administrator can control only the user's access authority and not the user's operating authority, which leaves the administrator's control over users clearly insufficient.
Summary of the utility model
The utility model aims to overcome the above shortcomings by providing a system for authority management that, through the concepts of user groups and role priority and on the basis of fine-grained authority management, authorizes a group of identical users uniformly, solves the problem of mutually exclusive role authorization, and separates users' access authority from their operating authority.
The utility model achieves this purpose through the following technical solution: a system for authority management comprising a management server, an association server, an authority authentication server, a memory, a log storage device and an update server. The management server is connected to the association server, and also to the log storage device and the update server; the association server is connected to the memory and the authority authentication server. Data in the management server generates association data through the association server, and the association data is stored in the memory; the authority authentication server authenticates users through the data in the association server; data in the management server is updated through the update server, and data changes are saved by the log storage device.
Preferably, the management server comprises a user management server, a role management server, an authority management server and a menu management server.
Preferably, the association server comprises a user-role association server, a role-authority association server and a role-menu association server. The user-role association server is connected to the user management server and the role management server; the role management server and the authority management server are connected to the role-authority association server; and the role management server and the menu management server are connected to the role-menu association server.
Preferably, the authority authentication server comprises an authority authentication service unit and a user operation authentication unit.
Preferably, the memory comprises a temporary role association area, a temporary role menu area and a navigation storage area.
The beneficial effects of the utility model are: 1. a group of users with identical authorities is authorized uniformly, which reduces the administrator's authorization workload; 2. role priority is set during role authorization, which solves the problem of mutually exclusive role authorization and thereby adapts to the authorization requirements of different roles on different occasions; 3. control of functions is subdivided down to the button level, which separates users' access authority from their operating authority.
Description of drawings
Fig. 1 is a schematic diagram of an application of the utility model;
Fig. 2 is a structural diagram of the utility model;
Fig. 3 is a structural diagram of the management module and the association module of the utility model;
Fig. 4 is a structural diagram of the memory module of the utility model.
Embodiment
The utility model is further described below with reference to a specific embodiment, but its scope of protection is not limited to this embodiment:
Embodiment 1: As shown in Fig. 1, users connect to the server over a network, and the server is connected to the memory and kept updated with it in real time. Fig. 2 shows an embodiment of the system for authority management of Fig. 1, comprising a management server, an association server, an authority authentication server, a memory, a log storage device and an update server. The management server is connected to the association server, and also to the log storage device and the update server; the association server is connected to the memory and the authority authentication server. Data in the management server generates association data through the association server, and the association data is stored in the memory; the authority authentication server authenticates users through the data in the association server; data in the management server is updated through the update server, and data changes are saved by the log storage device.
As shown in Fig. 3, the management server comprises a user management server, a role management server, an authority management server and a menu management server. The association server comprises a user-role association server, a role-authority association server and a role-menu association server. The user-role association server is connected to the user management server and the role management server; the role management server and the authority management server are connected to the role-authority association server; and the role management server and the menu management server are connected to the role-menu association server.
As shown in Fig. 4, the memory comprises a temporary role association area, a temporary role menu area and a navigation storage area. The temporary role association area stores the roles associated with the logged-in user, ordered by priority from high to low; the temporary role menu area stores the menus associated with the highest-priority role; and the navigation storage area stores the navigation menu tree built from the menu authorities in the temporary role menu area.
The authority authentication server comprises an authority authentication service unit and a user operation authentication unit. Both units are connected to the memory and are used, respectively, to manage navigation-menu authority and resource-operation authority.
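The login-time flow described above, as an added Python sketch that is not code from the patent: the roles of a user are ordered by priority, the three memory areas are filled from the highest-priority role, and the two authentication units check menu access and button-level operations separately. The numeric priority (larger is higher), the `Role` and `Session` names, the sample roles, and taking operation authority from the same highest-priority role are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Role:
    name: str
    priority: int          # assumption: larger number means higher priority
    menus: frozenset       # menu paths, e.g. "orders/list"
    operations: frozenset  # (menu path, button) pairs: button-level authority

@dataclass
class Session:
    role_association: list  # temporary role association area
    role_menus: frozenset   # temporary role menu area
    navigation: dict        # navigation storage area (menu tree)
    operations: frozenset   # assumption: taken from the highest-priority role

def build_tree(paths):
    """Build the navigation menu tree from slash-separated menu paths."""
    tree = {}
    for path in sorted(paths):
        node = tree
        for part in path.split("/"):
            node = node.setdefault(part, {})
    return tree

def login(user, user_roles, roles):
    """Fill the three memory areas for a user at login."""
    assigned = sorted((roles[r] for r in user_roles.get(user, ())),
                      key=lambda r: (-r.priority, r.name))
    if not assigned:  # no role association: nothing is granted
        return Session([], frozenset(), {}, frozenset())
    top = assigned[0]  # highest priority wins between mutually exclusive roles
    return Session([r.name for r in assigned], top.menus,
                   build_tree(top.menus), top.operations)

def can_access(session, menu):
    """Authority authentication service unit: navigation-menu authority."""
    return menu in session.role_menus

def can_operate(session, menu, button):
    """User operation authentication unit: resource-operation authority."""
    return can_access(session, menu) and (menu, button) in session.operations

# Constructed sample data: "editor" may delete orders, "auditor" may not.
ROLES = {
    "auditor": Role("auditor", 1, frozenset({"orders/list", "reports/audit"}),
                    frozenset({("orders/list", "view")})),
    "editor": Role("editor", 2, frozenset({"orders/list", "orders/detail"}),
                   frozenset({("orders/list", "view"), ("orders/list", "delete"),
                              ("orders/detail", "save")})),
}
USER_ROLES = {"alice": ["auditor", "editor"], "bob": ["auditor"]}
```

Because only the menus of the highest-priority role are stored, a user holding both sample roles loses the `reports/audit` menu that the lower-priority role alone would grant.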
The above describes a specific embodiment of the utility model and the technical principles applied. Any change made according to the conception of the utility model, where the function it produces does not go beyond the spirit covered by the specification and drawings, falls within the scope of protection of the utility model.

Claims (5)

1. A system for authority management, characterized in that it comprises a management server, an association server, an authority authentication server, a memory, a log storage device and an update server; the management server is connected to the association server, and also to the log storage device and the update server; the association server is connected to the memory and the authority authentication server; data in the management server generates association data through the association server, and the association data is stored in the memory; the authority authentication server authenticates users through the data in the association server; and data in the management server is updated through the update server, and data changes are saved by the log storage device.
2. The system for authority management according to claim 1, characterized in that the management server comprises a user management server, a role management server, an authority management server and a menu management server.
3. The system for authority management according to claim 2, characterized in that the association server comprises a user-role association server, a role-authority association server and a role-menu association server; the user-role association server is connected to the user management server and the role management server; the role management server and the authority management server are connected to the role-authority association server; and the role management server and the menu management server are connected to the role-menu association server.
4. The system for authority management according to claim 1, characterized in that the authority authentication server comprises an authority authentication service unit and a user operation authentication unit.
5. The system for authority management according to claim 1, characterized in that the memory comprises a temporary role association area, a temporary role menu area and a navigation storage area.
CN 201220553397 2012-10-25 2012-10-25 System for authority management Expired - Lifetime CN202856786U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201220553397 CN202856786U (en) 2012-10-25 2012-10-25 System for authority management

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201220553397 CN202856786U (en) 2012-10-25 2012-10-25 System for authority management

Publications (1)

Publication Number Publication Date
CN202856786U (en) 2013-04-03

Family

ID=47987929

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201220553397 Expired - Lifetime CN202856786U (en) 2012-10-25 2012-10-25 System for authority management

Country Status (1)

Country Link
CN (1) CN202856786U (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103188269A (en) * 2013-04-08 2013-07-03 汉柏科技有限公司 Method for controlling user access permission in cloud platform
CN103188269B (en) * 2013-04-08 2016-12-28 汉柏科技有限公司 The control method of access privilege in cloud platform

Similar Documents

Publication Publication Date Title
CN106411857B (en) A kind of private clound GIS service access control method based on virtual isolation mech isolation test
CN102231693A (en) Method and apparatus for managing access authority
CN104935599B (en) A kind of general-purpose rights control management method and system
CN104408339A (en) Authority management method for information system
CN110266567A (en) A kind of control method and its system for realizing smart home device based on intelligent terminal
CN109586963A (en) A kind of cloud emulation platform safe-guard system, server, terminal and method
CN103617255A (en) Service data exchange synchronizing system and method used for electric information system
CN104767741A (en) Calculation service separating and safety protecting system based on light virtual machine
CN109614204A (en) Memory insulation blocking method, isolation check hardware, SOC chip and storage medium
CN104902031A (en) Enterprise intelligent cloud system based on virtual desktop
CN103309819A (en) Embedded system and safety managing method for internal storage thereof
CN106487770B (en) Method for authenticating and authentication device
CN202856786U (en) System for authority management
CN107563206A (en) Unified rights method of servicing and system
CN108270798B (en) Mobile terminal equipment safety management system
CN103106373A (en) Trusted computing chip and trusted computing system
CN103795726A (en) Depth protection method for virtual data safety access
CN106933605A (en) A kind of intelligent progress recognizing control method and system
CN201111137Y (en) Post authoring apparatus
CN204965562U (en) Cell -phone access control system of long -range electron of accessible end operation
CN106230769B (en) Mobile cloud data staging connection control method based on mobile terminal degree of belief
CN105930355B (en) A kind of multi-source image database design method
CN104361066A (en) Unstructured full-text retrieval system based on authorities
CN104580997A (en) Video monitoring management system
CN106170001A (en) A kind of single-sign-on management system

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee
CP03 Change of name, title or address

Address after: Hangzhou City, Zhejiang province 310004 city of Shen Jia Lu No. 319 room 519

Patentee after: Zhejiang Xinghan information technology Limited by Share Ltd.

Address before: 5, 310007 floor, North Tower, 262 Wan Tang Road, Hangzhou, Zhejiang, Xihu District

Patentee before: ZHEJIANG STARSINO INFORMATION TECHNOLOGY Co.,Ltd.

CX01 Expiry of patent term

Granted publication date: 20130403
