TWI789193B - Method and device for automatically checking authority of computer folder - Google Patents

Method and device for automatically checking authority of computer folder

Publication number
TWI789193B
Authority
TW
Taiwan
Prior art keywords
list
permission
authority
historical
actual
Prior art date
Application number
TW110149683A
Other languages
Chinese (zh)
Other versions
TW202326461A (en)
Inventor
林郁翔
Original Assignee
華南商業銀行股份有限公司
Priority date
Filing date
Publication date
Application filed by 華南商業銀行股份有限公司 filed Critical 華南商業銀行股份有限公司
Priority to TW110149683A priority Critical patent/TWI789193B/en
Application granted granted Critical
Publication of TWI789193B publication Critical patent/TWI789193B/en
Publication of TW202326461A publication Critical patent/TW202326461A/en

Landscapes

  • Multi-Process Working Machines And Systems (AREA)
  • Debugging And Monitoring (AREA)

Abstract

A method for automatically checking folder permissions includes periodically updating a preset permission list, after updating the preset permission list, sending the preset permission list to a number of checked devices so as to update a number of actual permission lists of a number of shared folders of the checked devices, periodically obtaining the actual permission lists, and when any one of the actual permission lists does not conform to the preset permission list, outputting an abnormal notification. There is a one-to-one relationship between the checked devices, the shared folders and the actual permission lists.

Description

Automatic checking method and device for folder permissions

The present invention relates to an automatic checking method and device, and in particular to an automatic checking method and device for managing folder permissions.

With the development of network technology, networks have become an indispensable part of daily life and the work environment. How to identify, assign and manage the different network users in a local area network and their corresponding internal usage permissions has become an extremely important issue for administrators.

In the local area networks found in enterprise work environments, users often collaborate through shared folders. However, the usage permissions of shared folders are often divided only by department or set manually by personnel. As a result, using shared-folder permission settings to speed up automated checking and improve the operating efficiency of enterprises and similar organizations still faces certain operational difficulties.

In view of the above shortcomings of the prior art, the present invention provides an automatic checking method and device for folder permissions.

An automatic checking method according to an embodiment of the present invention includes performing, with a checking device: periodically updating a preset permission list; after updating the preset permission list, sending the preset permission list to a plurality of checked devices to update a plurality of actual permission lists of a plurality of shared folders of the checked devices; periodically obtaining the actual permission lists; and, when any one of the actual permission lists does not conform to the preset permission list, outputting an abnormal notification. There is a one-to-one relationship among the checked devices, the shared folders and the actual permission lists.

An automatic checking device according to an embodiment of the present invention is suitable for checking a plurality of checked devices and includes a storage module, a communication module and a processing module. The storage module stores a preset permission list. The processing module is connected to the storage module and the communication module and is used to perform: periodically updating the preset permission list; after updating the preset permission list, sending the preset permission list through the communication module to the checked devices to update a plurality of actual permission lists of a plurality of shared folders of the checked devices; periodically obtaining the actual permission lists through the communication module; and, when any one of the actual permission lists does not conform to the preset permission list, outputting an abnormal notification. There is a one-to-one relationship among the checked devices, the shared folders and the actual permission lists.

In summary, the automatic checking method and device for folder permissions disclosed in the present invention can automatically check the usage permissions of each shared folder according to the personnel access authorization list provided by each unit, and can also determine whether a data anomaly has occurred in that authorization list so that it is automatically checked and updated, effectively improving the operating efficiency of enterprises and similar organizations.

The above description of the present disclosure and the following description of the embodiments are intended to demonstrate and explain the spirit and principle of the present invention and to provide further explanation of the scope of the patent application of the present invention.

The detailed features and advantages of the present invention are described in the embodiments below in sufficient detail for anyone skilled in the relevant art to understand the technical content of the present invention and implement it accordingly. From the content disclosed in this specification, the scope of the patent application and the drawings, anyone skilled in the relevant art can readily understand the related objectives and advantages of the present invention. The following embodiments describe the aspects of the present invention in further detail, but do not limit the scope of the present invention in any way.

Please refer to FIG. 1, which is a functional block diagram of an automatic checking device and checked devices according to an embodiment of the present invention. As shown in FIG. 1, the automated checking device 10 can be used to automatically assign and/or check the login records and/or data usage permissions of the respective shared folders of a plurality of checked devices 2. The checking device 10 may include a storage module 12, a communication module 14 and a processing module 16, and each checked device 2 may include an actual permission list 22 corresponding to the login records and/or data usage permission records of its shared folder. The checking device 10 may be an electronic device or a permission management system on the administrator side, and the checked device 2 may be an electronic device on the managed side. Each such electronic device may be a single device, multiple devices on the same local area network, or a distributed computer cluster. In practice, the electronic device may be a desktop computer, a notebook computer, a smartphone or the like, or any combination of such equipment, but the present invention is not limited thereto.

The actual permission list 22 of the shared folder included in the checked device 2 is described further here. The actual permission list 22 may be stored in the memory of the checked device 2 and stores the usage permissions of a plurality of clients (for example, other checked devices 2 or other computers) for the shared folder. It may store only the clients that have usage permission, only the clients that do not have usage permission, or both at the same time; the present invention does not limit this. The usage permissions may be viewing, read-only, reading, editing, executing, downloading, deleting, sharing, hiding, encrypting/decrypting, compressing/decompressing, access location management and/or special access permission settings for the shared folder, but the present invention is not limited thereto. The actual permission list 22 may store one or more pieces of identification information corresponding to a client to represent that client, such as a device number, a network address and/or any kind of identity information, where the device number is, for example, an IP address or a MAC address. The actual permission list 22 may include any kind of identification information corresponding to the level, department and/or permission attributes associated with the client's login records or usage permission records within one or more enterprises or similar organizations, for use in identifying the category of the shared folder.

The modules of the checking device 10 are described further here. The storage module 12 may be any type of fixed or removable random access memory (RAM), read-only memory (ROM), flash memory, hard disk drive (HDD), solid state drive (SSD) or similar component, or a combination of the above components, but the present invention is not limited thereto. The storage module 12 may store a preset permission list 122 and historical permission data 124.

The preset permission list 122 may store the usage permissions of the shared folder of each checked device 2. The historical permission data 124 is optionally stored data and may include a plurality of historical permission lists. Specifically, the preset permission list 122 stores the current ideal usage permissions of the shared folder of each checked device 2, while the historical permission lists stored in the historical permission data 124 are the ideal usage permissions at past points in time.

The communication module 14 may be communicatively connected to each checked device 2 to send data to, or receive data from, the checked device 2. In some embodiments, the communication module 14 may be a component that communicates over a wired network, a local area network, a wireless network or the like, but the present invention is not limited thereto. Furthermore, the communication module 14 may be connected to the storage module 12 in a wired or wireless manner and is controlled to obtain data (for example, the preset permission list 122) from the storage module 12 and send it to each checked device 2.

The processing module 16 may be connected to the storage module 12 and the communication module 14 in a wired or wireless manner. In some embodiments, the processing module 16 may be a central processing unit (CPU), or another programmable general-purpose or special-purpose microprocessor, digital signal processor (DSP), programmable controller, application-specific integrated circuit (ASIC) or other similar component, or a combination of any of the above components; the present invention is not limited thereto.

The processing module 16 may periodically update the preset permission list stored in the storage module 12, send the updated preset permission list through the communication module 14 to each checked device 2 to update the actual permission list 22 of the shared folder of each checked device 2, periodically obtain the actual permission list 22 from each checked device 2 through the communication module 14, and output an abnormal notification when an actual permission list 22 does not conform to the current preset permission list. The implementation of these operations is described below.

Please refer to FIG. 1 and FIG. 2 together, where FIG. 2 is a flowchart of an automatic checking method according to an embodiment of the present invention. As shown in FIG. 2, the automatic checking method may include steps S1 to S9. The automatic checking method shown in FIG. 2 is applicable to the checking device 10 shown in FIG. 1 and, in particular, may be performed by the processing module 16 of the checking device 10, but is not limited thereto. The steps of the automatic checking method shown in FIG. 2 are described below using the checking device 10 and the checked devices 2 shown in FIG. 1 as an example.

In step S1, the processing module 16 periodically updates the preset permission list stored in the storage module 12. The update is, for example, adding or removing the usage permissions of one or more clients. Further, the processing module 16 may periodically adjust a client's usage permissions according to the status of that client in the preset permission list. For example, when the user corresponding to a client has left the company, the processing module 16 may remove that client from the preset permission list accordingly. In addition, the processing module 16 may also adjust the preset permission list according to an administrator's input command.

In step S2, each time the preset permission list has been updated, the processing module 16 sends the preset permission list to the plurality of checked devices 2 to update the plurality of actual permission lists of the plurality of shared folders of the checked devices 2. There is a one-to-one relationship among the checked devices 2, the shared folders and the actual permission lists 22.

In step S3, the processing module 16 periodically obtains the actual permission lists of the checked devices 2. Specifically, the period lengths of steps S1 and S3 may be preset to be the same or different; the present invention does not limit this.

In step S4, the processing module 16 determines whether each of the obtained actual permission lists conforms to the preset permission list. As described above, the preset permission list 122 stores the current ideal usage permissions of the shared folder of each checked device 2. The processing module 16 may determine whether the difference ratio between the usage permissions contained in the actual permission list of each checked device 2 and the ideal usage permissions corresponding to that checked device 2 in the preset permission list is less than a preset threshold. If it is less, the actual permission list conforms to the preset permission list; if it is not less, the actual permission list does not conform to the preset permission list. The preset threshold is, for example, 0% to 5%.

When the determination result of step S4 is no, that is, when any one of the actual permission lists does not conform to the preset permission list, the processing module 16 performs step S5: outputting an abnormal notification. The abnormal notification may be output through an output component such as a display, a speaker or a warning light. Further, between step S2 and step S3, a non-administrator may tamper with the actual permission list of the shared folder of a checked device 2; through the determination in step S4, the checking device 10 can confirm whether such tampering by a non-administrator has occurred.

When the determination result of step S4 is yes, the processing module 16 performs step S6: determining whether each of the actual permission lists conforms to the historical permission data. Further, please refer to FIG. 3, which is a partial flowchart of an automatic checking method according to an embodiment of the present invention. As shown in FIG. 3, step S6 may include performing three determination sub-steps for each actual permission list: sub-step S61, determining whether the difference ratio between the actual permission list and a first historical permission list is less than a first error ratio; sub-step S62, determining whether the difference ratio between the actual permission list and a second historical permission list is less than a second error ratio; and sub-step S63, determining whether the difference ratio between the actual permission list and a third historical permission list is less than a third error ratio. When the determination results of sub-steps S61 to S63 are all yes, the determination result of step S6 is yes. When any determination result among sub-steps S61 to S63 is no, the determination result of step S6 is no. In other words, when the determination result of any determination sub-step for a target permission list among all the actual permission lists is no, that target permission list does not conform to the historical permission data.

As described above, the historical permission data may include a plurality of historical permission lists; FIG. 3 takes a first historical permission list, a second historical permission list and a third historical permission list as an example. The first to third historical permission lists may be permission lists ordered from newest to oldest by time of generation. In detail, the first historical permission list may be the preset permission list before the most recent update, the second historical permission list may be the preset permission list before the update prior to that, and so on for the third historical permission list. The first error ratio is less than or equal to the second error ratio, and the second error ratio is less than or equal to the third error ratio. Further, the first error ratio may be between 0% and 5%, the second error ratio may be between 0% and 10%, and the third error ratio may be between 0% and 15%.

Please refer again to FIG. 1 and FIG. 2. When the determination result of step S6 is no, the processing module 16 performs step S7: outputting another abnormal notification and generating a completion signal. The other abnormal notification may be presented in a manner different from the abnormal notification of step S5 (for example, a different display screen, a different output voice or a different light signal). When the determination result of step S6 is yes, the processing module 16 performs step S8: generating a completion signal. In step S9, the processing module 16 is triggered by the completion signal generated in step S7 or step S8 to update the historical permission data according to the preset permission list. The update is, for example, storing the current preset permission list as the newest historical permission list in the historical permission data.

Specifically, the administrator side may be divided into tiers, including a junior administrator side and a senior administrator side. The junior administrator side only has permission to operate the checking device 10 to adjust the preset permission list, whereas the senior administrator side, in addition to adjusting the preset permission list, can also set the rules for adjusting the preset permission list, such as the aforementioned first to third error ratios. Through the determination in step S6, the checking device 10 can confirm whether a junior administrator has abused their authority by modifying usage permissions without following the rules.

It should be noted in particular that steps S6 to S9 above may form a management quality determination procedure, which is an optionally executed procedure. In one embodiment, the automatic checking method may include steps S1 to S5 without steps S6 to S9. In this embodiment, when the determination result of step S4 is yes, the processing module 16 takes no action, or outputs a normal notification through the output component.

In addition, before the processing module 16, having determined that an actual permission list does not conform to the preset permission list, outputs the abnormal notification (step S5), the processing module 16 may perform a further determination step to establish whether the tampering is malicious or non-malicious. Please refer to FIGS. 1, 2 and 4 together, where FIG. 4 is a partial flowchart of an automatic checking method according to another embodiment of the present invention. As shown in FIG. 4, before performing step S5, the processing module 16 may perform step S10: determining whether the actual permission list that does not conform to the preset permission list contains no data. When the determination result is yes, the processing module 16 sends the preset permission list to the checked device corresponding to the non-conforming actual permission list to update that actual permission list, and then performs step S5 to output the abnormal notification. When the determination result is no, the processing module 16 performs step S5 to output the abnormal notification. The alert level indicated by the abnormal notification corresponding to a "yes" result in step S10 may be preset to be lower than the alert level indicated by the abnormal notification corresponding to a "no" result. Further, the case where the determination result of step S10 is yes (that is, the actual permission list that does not conform to the preset permission list contains no data) may stem from a non-malicious deletion on the client side, so the alert level indicated by its corresponding abnormal notification may be set lower.
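The following added example, which is not part of the patent, walks one checked device's list through steps S4, S10 and S6 and the history update of S9. The set-of-(client, right) model, the difference-ratio formula (entries found in only one list divided by entries found in either list), all function names and the sample lists are assumptions, because the description does not define how the ratio is computed.

```python
from enum import Enum


class Finding(Enum):
    CONFORMS = "conforms"                    # S4 yes, S6 yes -> S8
    EMPTY_LIST = "empty-list"                # S4 no, S10 yes -> re-push preset, S5 at lower alert level
    MISMATCH = "mismatch"                    # S4 no, S10 no  -> S5
    HISTORY_DEVIATION = "history-deviation"  # S4 yes, S6 no  -> S7


def difference_ratio(a, b):
    """Assumed metric: entries present in only one list / entries present in either list."""
    union = a | b
    return len(a ^ b) / len(union) if union else 0.0


def check_actual_list(actual, preset, history,
                      preset_threshold=0.05,
                      error_ratios=(0.05, 0.10, 0.15)):
    """Classify one checked device's actual permission list.

    history is ordered newest first (first, second, third historical list);
    error_ratios must be non-decreasing, as the description requires.
    """
    if list(error_ratios) != sorted(error_ratios):
        raise ValueError("error ratios must satisfy first <= second <= third")
    # S4: the list conforms only when the ratio is strictly below the threshold.
    if difference_ratio(actual, preset) >= preset_threshold:
        # S10: a list with no data is re-pushed and reported at a lower alert level.
        return Finding.EMPTY_LIST if not actual else Finding.MISMATCH
    # S6 (S61 to S63): every comparison with a historical list must pass.
    for past, limit in zip(history, error_ratios):
        if difference_ratio(actual, past) >= limit:
            return Finding.HISTORY_DEVIATION
    return Finding.CONFORMS


def roll_history(preset, history, keep=3):
    """S9: store the current preset list as the newest historical list."""
    return [preset] + list(history)[:keep - 1]


def entries(first, last, right="read"):
    """Constructed sample data: (client id, right) pairs pc-first .. pc-last."""
    return frozenset((f"pc-{i:02d}", right) for i in range(first, last + 1))


# Constructed sample lists (not from the patent).
PRESET = entries(1, 40)                                      # current preset list
HISTORY = [entries(1, 39), entries(1, 37), entries(1, 35)]   # newest first


def demo():
    tampered = PRESET | {("pc-90", "edit"), ("pc-91", "edit"), ("pc-92", "edit")}
    enlarged_preset = PRESET | entries(41, 50)   # preset grown by 10 entries in one update
    return {
        "in sync": check_actual_list(PRESET, PRESET, HISTORY),
        "tampered": check_actual_list(tampered, PRESET, HISTORY),
        "wiped": check_actual_list(frozenset(), PRESET, HISTORY),
        "large policy change": check_actual_list(enlarged_preset, enlarged_preset, HISTORY),
    }


if __name__ == "__main__":
    for name, finding in demo().items():
        print(f"{name:20s} {finding.value}")
```

Under this assumed metric the tolerance scales with list size: one extra entry on the 40-entry sample list gives a ratio of 1/41, about 2.4%, which is below a 5% threshold and is classified as conforming, so the threshold should be chosen with the size of the lists in mind.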

In view of the above, the automatic checking method and device for folder permissions of the present invention can automatically check the usage permissions of each shared folder according to the personnel access authorization list provided by each unit, and at the same time determine whether a data anomaly has occurred in that authorization list so that it is automatically checked and updated, effectively improving the operating efficiency of enterprises and similar organizations.

Although the present invention is disclosed above by way of the foregoing embodiments, they are not intended to limit the present invention. Changes and modifications made without departing from the spirit and scope of the present invention fall within the scope of patent protection of the present invention. For the scope of protection defined by the present invention, please refer to the appended claims.

10: Checking device

12: Storage module

122: Preset permission list

124: Historical permission data

14: Communication module

16: Processing module

2: Checked device

22: Actual permission list

S1~S11: Steps

S61~S63: Sub-steps

FIG. 1 is a functional block diagram of an automatic checking device and checked devices according to an embodiment of the present invention.
FIG. 2 is a flowchart of an automatic checking method according to an embodiment of the present invention.
FIG. 3 is a partial flowchart of an automatic checking method according to an embodiment of the present invention.
FIG. 4 is a partial flowchart of an automatic checking method according to another embodiment of the present invention.

S1~S9: Steps

Claims (6)

An automatic checking method, comprising performing, with a checking device: periodically updating a preset permission list; after updating the preset permission list, sending the preset permission list to a plurality of checked devices to update a plurality of actual permission lists of a plurality of shared folders of the checked devices, wherein there is a one-to-one relationship among the checked devices, the shared folders and the actual permission lists; periodically obtaining the actual permission lists; when any one of the actual permission lists does not conform to the preset permission list, outputting an abnormal notification; when each of the actual permission lists conforms to the preset permission list, executing a management quality determination procedure, the management quality determination procedure comprising: determining whether each of the actual permission lists conforms to historical permission data; when any one of the actual permission lists does not conform to the historical permission data, outputting another abnormal notification and generating a completion signal; and when each of the actual permission lists conforms to the historical permission data, generating the completion signal; and being triggered by the completion signal to update the historical permission data according to the preset permission list, wherein the historical permission data includes a first historical permission list, a second historical permission list and a third historical permission list, and determining whether each of the actual permission lists conforms to the historical permission data comprises: for each of the actual permission lists, performing three determination sub-steps, wherein the three determination sub-steps comprise: determining whether the difference ratio between the actual permission list and the first historical permission list is less than a first error ratio; determining whether the difference ratio between the actual permission list and the second historical permission list is less than a second error ratio; and determining whether the difference ratio between the actual permission list and the third historical permission list is less than a third error ratio; and wherein when the determination result of any of the determination sub-steps for a target permission list among the actual permission lists is no, the target permission list does not conform to the historical permission data.

The automatic checking method of claim 1, wherein the first to third historical permission lists respectively correspond to the preset permission list before the most recent one to three updates of the historical permission data, the first error ratio is less than or equal to the second error ratio, and the second error ratio is less than or equal to the third error ratio.

The automatic checking method of claim 1, further comprising, before outputting the abnormal notification, performing with the checking device: determining whether a target permission list among the actual permission lists that does not conform to the preset permission list contains no data; and when the target permission list contains no data, sending the preset permission list to the checked device, among the checked devices, that corresponds to the target permission list, to update the target authorization list.

An automatic checking device, suitable for checking a plurality of checked devices, the automatic checking device comprising: a storage module storing a preset permission list; a communication module; and a processing module connected to the storage module and the communication module, the processing module being used to perform: periodically updating a preset permission list; after updating the preset permission list, sending the preset permission list through the communication module to the checked devices to update a plurality of actual permission lists of a plurality of shared folders of the checked devices, wherein there is a one-to-one relationship among the checked devices, the shared folders and the actual permission lists; periodically obtaining the actual permission lists through the communication module; when any one of the actual permission lists does not conform to the preset permission list, outputting an abnormal notification; when each of the actual permission lists conforms to the preset permission list, executing a management quality determination procedure, the management quality determination procedure comprising: determining whether each of the actual permission lists conforms to historical permission data; when any one of the actual permission lists does not conform to the historical permission data, outputting another abnormal notification and generating a completion signal; and when each of the actual permission lists conforms to the historical permission data, generating the completion signal; and being triggered by the completion signal to update the historical permission data according to the preset permission list, wherein the historical permission data includes a first historical permission list, a second historical permission list and a third historical permission list, and the determining, performed by the processing module, of whether each of the actual permission lists conforms to the historical permission data comprises: determining whether the difference ratio between the actual permission list and the first historical permission list is less than a first error ratio; determining whether the difference ratio between the actual permission list and the second historical permission list is less than a second error ratio; and determining whether the difference ratio between the actual permission list and the third historical permission list is less than a third error ratio; and wherein when the determination result of any of the determination sub-steps for a target permission list among the actual permission lists is no, the target permission list does not conform to the historical permission data.
如請求項4所述之檢核裝置,其中該第一至第三歷史權限清單分別對應於該歷史權限資料最近一至三次更新前的該預設權限清單,該第一誤差比率小於或等於該第二誤差比率,且該第二誤差比率小於或等於該第三誤差比率。 The verification device as described in claim 4, wherein the first to third historical permission lists correspond to the default permission list before the last one to three updates of the historical permission data respectively, and the first error ratio is less than or equal to the first error ratio Two error ratios, and the second error ratio is less than or equal to the third error ratio. 如請求項4所述之檢核裝置,其中該處理模組更用於在輸出該異常通知之前,執行:判斷該些實際權限清單中不符合該預設權限清單的一目標權限清單是否無資料;以及 當該目標權限清單無資料時,傳送該預設權限清單至該些受檢裝置中對應於該目標權限清單的受檢裝置,以更新該目標授權清單。 The verification device as described in claim 4, wherein the processing module is further configured to: before outputting the abnormal notification, execute: judging whether a target authority list that does not conform to the default authority list in the actual authority lists has no data ;as well as When the target permission list has no information, the default permission list is sent to the checked device corresponding to the target permission list among the checked devices, so as to update the target authorization list.
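The checking flow of claims 1 to 3, sketched as an added Python example (it is not code from the patent). The claims do not define the difference ratio, what "conforms" means, or how the three historical lists are updated, so the set-based ratio, exact-match conformance, the rotation of the history, and all names and sample data below are assumptions.

```python
from typing import Dict, FrozenSet, List, Sequence, Tuple

Entry = Tuple[str, str]                      # (account, right)
PermList = FrozenSet[Entry]
Event = Tuple[str, str]                      # (device, event name)

def diff_ratio(actual: PermList, reference: PermList) -> float:
    """Assumed metric: entries present in only one list / entries in either."""
    union = actual | reference
    return len(actual ^ reference) / len(union) if union else 0.0

def check_cycle(preset: PermList, actual_by_device: Dict[str, PermList],
                history: List[PermList], error_ratios: Sequence[float]
                ) -> Tuple[List[Event], List[PermList]]:
    """One checking cycle. Returns (events, historical data after the cycle)."""
    events: List[Event] = []
    for device, actual in actual_by_device.items():
        if actual == preset:                 # "conforms" assumed to mean equal sets
            continue
        if not actual:                       # claim 3: empty list gets the preset again
            events.append((device, "resend_preset"))
        events.append((device, "abnormal"))
    if events:
        return events, history               # quality procedure not reached
    for device, actual in actual_by_device.items():
        # Three sub-steps; any ratio not below its error ratio fails the list.
        if any(diff_ratio(actual, h) >= e for h, e in zip(history, error_ratios)):
            events.append((device, "history_abnormal"))
    # Completion signal is generated either way; assumed rotation of the history.
    return events, [preset] + history[:2]

# Constructed sample data (accounts, rights and device names are made up).
BASE = frozenset({("alice", "read"), ("bob", "read"), ("carol", "write"), ("dave", "read")})
HISTORY = [BASE, BASE - {("dave", "read")}, BASE - {("dave", "read"), ("carol", "write")}]
RATIOS = (0.25, 0.5, 0.75)                   # claim 2: first <= second <= third
SMALL = BASE | {("erin", "read")}
BULK = BASE | {("everyone", "write"), ("guest", "write"), ("temp", "write")}

if __name__ == "__main__":
    print(check_cycle(SMALL, {"fs01": SMALL, "fs02": frozenset()}, HISTORY, RATIOS)[0])
    print(check_cycle(SMALL, {"fs01": SMALL, "fs02": SMALL}, HISTORY, RATIOS)[0])
    print(check_cycle(BULK, {"fs01": BULK, "fs02": BULK}, HISTORY, RATIOS)[0])
```

In the third run every device matches the preset exactly, so only the comparison with the historical lists flags the bulk change to the preset itself. Because the completion signal is generated in both branches, that preset still enters the historical data in the same cycle.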

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW110149683A TWI789193B (en) 2021-12-30 2021-12-30 Method and device for automatically checking authority of computer folder

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW110149683A TWI789193B (en) 2021-12-30 2021-12-30 Method and device for automatically checking authority of computer folder

Publications (2)

Publication Number Publication Date
TWI789193B true TWI789193B (en) 2023-01-01
TW202326461A TW202326461A (en) 2023-07-01

Family

ID=86669991

Family Applications (1)

Application Number Title Priority Date Filing Date
TW110149683A TWI789193B (en) 2021-12-30 2021-12-30 Method and device for automatically checking authority of computer folder

Country Status (1)

Country Link
TW (1) TWI789193B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI571754B (en) * 2015-02-02 2017-02-21 群暉科技股份有限公司 Method for performing file synchronization control, and associated apparatus
US10235383B2 (en) * 2012-12-19 2019-03-19 Box, Inc. Method and apparatus for synchronization of items with read-only permissions in a cloud-based environment
US10530854B2 (en) * 2014-05-30 2020-01-07 Box, Inc. Synchronization of permissioned content in cloud-based environments
TWI698754B (en) * 2018-05-29 2020-07-11 普安科技股份有限公司 Method for managing the access authority to cloud storage and the system therefor
