CN101621518A - Method for managing permission - Google Patents
- Publication number
- CN101621518A
- Authority
- CN
- China
- Prior art keywords
- permission
- role
- traffic
- authority
- business
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
The invention relates to a method for managing permission, in particular to a method for managing business permission in the field of IT. The method comprises the following steps: A. verifying a login password; B. obtaining the role ID of the user; C. matching the role ID with a permission ID in a local data dictionary; D. parsing the permission ID to obtain the business IDs authorized for the logged-in user; and E. dynamically creating and loading the corresponding business modules according to the business IDs. The business IDs and the permission IDs are expressed as binary bits. The technical scheme of the invention has the following advantages: 1. system resources are saved and the system response speed is improved; 2. business operations after login need no further permission authentication, which improves execution efficiency.
Description
Technical field
The present invention relates to a permission management method, and in particular to a method for implementing business permission management in the IT field.
Background art
User permission management is usually implemented as follows: system permissions are managed in a database, the various permissions are defined by attribute fields in the database, and each user record describes the permissions that user holds. Every time the user performs a business operation, the system connects to the database and makes a permission decision; if the user has the permission, execution continues.
For example, publication CN101441688A, "A user permission allocation method and a user permission control method", proposes a scheme that includes: obtaining the role of the user from a preset user-role mapping table and extracting the resource access permissions of that role, where the resource access permissions are defined with regular expressions and recorded in a permission definition file, and each resource is identified by a unique resource code. The resource access request submitted by the user is intercepted and the resource code obtained is matched against the role's resource access permissions; if the match succeeds the resource access is carried out, and if it fails access is denied.
As another example, publication CN101414253A, "A permission management method and system", proposes a scheme for verifying a user's operation requests in a permission management system. The method includes: accepting the operation request made by the user and obtaining from a database the permission identifiers assigned to the user's role, where the database stores the correspondence between users, roles and the permission identifiers assigned to roles. The permission resources corresponding to those permission identifiers are obtained from the system's permission resource sub-files and cached; each permission resource sub-file stores the permission resources of the component modules of its corresponding business. The user's operation request is intercepted and it is determined whether the permission resources assigned to the user include the requested operation. If so, the operation request is accepted; otherwise it is refused.
However, with such permission management methods, every business operation the user performs and every access requires authentication and authorization against the server database. Business execution is therefore inefficient and the system is hard to extend. In addition, the permission check is made inside the specific business logic, so the checking code and the business code are mixed and too tightly coupled. Furthermore, enabling a new business module requires modifying the database structure, which adds to the workload and makes extension difficult.
Summary of the invention
To address the above problems, the present invention proposes the following solution.
The technical scheme of the invention is as follows.
The permission management method of the invention comprises the following steps:
A. verify the login password;
B. obtain the role ID of the logged-in user;
C. match the role ID with the permission ID in the local data dictionary;
D. parse the permission ID to obtain the business IDs authorized for the logged-in user.
Further, after step D, step E is carried out: dynamically create and load the corresponding business modules according to the business IDs.
Further, when the permissions corresponding to a role ID are modified, only the permission ID needs to be changed and synchronized to the local data dictionary.
Further, each business ID corresponds to one business module.
Further, adding a business module adds a business ID.
Further, the business ID is binary bit data. Adding a business module adds one bit to the binary business ID.
Further, the permission ID is binary bit data. The permission ID is the result of a bitwise operation on the business IDs.
Further, if the business IDs use "1" to denote permission and "0" to denote no permission, the permission ID is the bitwise OR of the business IDs; if the business IDs use "0" to denote permission and "1" to denote no permission, the permission ID is the bitwise AND of the business IDs.
The invention represents each business module with a binary bit, so business modules are easy to add and can be combined flexibly to create the permission IDs of the different roles; the business modules are built dynamically from the permission ID, which saves system resources and improves execution efficiency. The advantages are: first, system resources are saved and system response is faster; second, business operations after login need no further permission authentication, which improves execution efficiency.
Description of the drawings
Fig. 1 is a flow chart of an embodiment of the invention;
Fig. 2 is a schematic diagram of the relationship between users, roles and business permissions in the invention.
Embodiment
The invention is now further described with reference to the drawings and an embodiment.
As shown in Fig. 1, the embodiment of the invention proceeds as follows.
Step 101: the user initiates a login request;
Step 102: check whether password verification passes;
If so, proceed to
Step 103: obtain the role ID of the logged-in user;
Step 104: match the role ID with the permission ID in the local data dictionary;
Step 105: parse the permission ID to obtain the business IDs authorized for the logged-in user;
Step 106: dynamically create and load the corresponding business modules according to the business IDs, then proceed to step 107;
If not, jump to
Step 107: login ends.
The business IDs and permission IDs of the invention use binary bits. The permission ID is the result of a bitwise operation on the business IDs.
By way of illustration:
A certain system has five business modules that require permission control. In the business IDs, "1" denotes permission and "0" denotes no permission. The business names and business IDs are assigned as in Table 1:
Table 1
This system has three roles; their role IDs and business operation permissions are given in Table 2:
Table 2
Role | Role ID | Business permissions |
---|---|---|
Role A | 1 | Business A, Business B, Business C, Business D, Business E |
Role B | 2 | Business A, Business C, Business D |
Role C | 3 | Business E |
According to this method, the permission ID is obtained by a bitwise OR of the business IDs; the computed permission ID of each role and the correspondence are given in Table 3:
Table 3
If instead the business IDs use "0" to denote permission and "1" to denote no permission, the business names and business IDs are assigned as in Table 1':
Table 1 '
According to this method, the permission ID is obtained by a bitwise AND of the business IDs; for the permissions in the Table 2 example, the computed permission ID of each role and the correspondence are given in Table 2':
Table 2'
Role ID | Permission ID (binary) |
---|---|
1 | 00000 |
2 | 10010 |
3 | 01111 |
The role IDs and permission IDs of Table 3 or Table 2' are stored in the local data dictionary. After the user's login authentication passes, the returned role ID is used to look up the corresponding permission ID in the local data dictionary, the permission ID is parsed to obtain the corresponding business IDs, and the business modules are then built dynamically, which implements the permission management. Preferably, the business IDs of the invention use "1" to denote permission and "0" to denote no permission, which makes it convenient to add businesses.
Referring to Fig. 2, by way of illustration: the invention includes 5 users, namely user 211, user 212, user 213, user 214 and user 215. Users 211 and 212 have the permissions of role A 221, user 213 has the permissions of role B 222, and users 214 and 215 have the permissions of role C 223. The permissions of role A 221 comprise business A 231, business B 232, business C 233, business D 234 and business E 235; the permissions of role B 222 comprise business A, business C and business D; the permissions of role C 223 comprise business E. Users 211 and 212 can therefore obtain only the ID of role A 221 by password login. Matching against the local data dictionary gives the permission ID 11111, which is parsed into the ID of business A 231: 00001, the ID of business B 232: 00010, the ID of business C 233: 00100, the ID of business D 234: 01000 and the ID of business E 235: 10000. The corresponding business A, business B, business C, business D and business E modules are then created and loaded. The other roles follow by analogy and are not described further.
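The bit encoding worked through above, as an added example that is not part of the patent text: it uses the business IDs from the Fig. 2 walk-through and the role assignments of Table 2, and computes the permission IDs under both conventions. The function names are assumptions made for the illustration; an unknown role ID loads no modules, and a permission ID with bits outside the five known business IDs is rejected.

```python
# Business IDs as given in the Fig. 2 walk-through ("1" = permitted).
BUSINESS_IDS = {
    "A": 0b00001,
    "B": 0b00010,
    "C": 0b00100,
    "D": 0b01000,
    "E": 0b10000,
}
FULL_MASK = 0
for _bit in BUSINESS_IDS.values():
    FULL_MASK |= _bit  # 0b11111: every bit that maps to a business module

# Table 2: role ID -> businesses the role may operate.
ROLE_BUSINESSES = {1: "ABCDE", 2: "ACD", 3: "E"}


def permission_id(businesses, one_means_permitted=True):
    """Combine business IDs into one permission ID.

    "1" = permitted: bitwise OR of the business IDs.
    "0" = permitted: bitwise AND of the inverted business IDs
    (business A is then 11110, business B 11101, and so on).
    """
    if one_means_permitted:
        result = 0
        for name in businesses:
            result |= BUSINESS_IDS[name]
        return result
    result = FULL_MASK
    for name in businesses:
        result &= BUSINESS_IDS[name] ^ FULL_MASK
    return result


def build_dictionary(one_means_permitted=True):
    """Role ID -> permission ID, the content of the local data dictionary."""
    return {
        role: permission_id(names, one_means_permitted)
        for role, names in ROLE_BUSINESSES.items()
    }


def parse_permission_id(perm, one_means_permitted=True):
    """Step D: recover the authorized business names from a permission ID."""
    if perm < 0 or perm & ~FULL_MASK:
        # A stale or corrupted dictionary entry must not load anything.
        raise ValueError("permission ID has bits with no business module")
    if not one_means_permitted:
        perm ^= FULL_MASK  # normalise to "1" = permitted
    return [name for name, bit in BUSINESS_IDS.items() if perm & bit]


def modules_for_login(role_id, dictionary, one_means_permitted=True):
    """Steps C to E, after the password check has passed."""
    perm = dictionary.get(role_id)
    if perm is None:
        return []  # unknown role: deny by default, load no module
    return parse_permission_id(perm, one_means_permitted)


if __name__ == "__main__":
    for convention in (True, False):
        table = build_dictionary(convention)
        for role, perm in table.items():
            print(role, format(perm, "05b"),
                  modules_for_login(role, table, convention))
```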
Note that the local data dictionary is updated and synchronized by downloading from a server over a local area network, the Internet or a wireless network. In the embodiment of the invention, GPRS wireless data communication is used to update and synchronize the local data dictionary remotely. Because the data dictionary file on the terminal is in a binary file format rather than a document file, its contents cannot ordinarily be viewed; the scheme is particularly suited to handheld terminals, where the user generally cannot reach the data inside by other means. It is therefore simple and effective and needs no heavyweight encryption algorithm. If the technical scheme of the invention is extended to other fields, the data dictionary can of course be processed with a suitable encryption algorithm.
The advantages of the invention are:
1. A newly created user only needs to be given an appropriate role and automatically inherits the operating permissions of that role, with no other settings required;
2. A newly added role only requires generating a new permission ID from the new combination of business IDs and saving it to the data dictionary;
3. Modifying role permissions is simple: to modify the permissions of a role, regenerate the permission ID from the new combination of business IDs and replace it in the data dictionary;
4. Enabling a new business module is convenient: assign an unused business ID (binary bit flag) to the new business module and, as required, add it to the permission IDs of the existing roles with a bitwise OR. The dynamic construction of business modules gives a what-you-see-is-what-you-get operating interface: the business modules a user can see are exactly the ones the user is allowed to operate, and subsequent business operations need no further permission authentication.
Although the invention has been specifically shown and described with reference to preferred embodiments, those skilled in the art should understand that various changes in form and detail may be made to the invention without departing from the spirit and scope of the invention as defined by the appended claims, and that such changes fall within the protection scope of the invention.
Claims (10)
1. A permission management method, characterized in that it comprises the following steps:
A. verify the login password;
B. obtain the role ID of the logged-in user;
C. match the role ID with the permission ID in the local data dictionary;
D. parse the permission ID to obtain the business IDs authorized for the logged-in user.
2. The permission management method according to claim 1, characterized in that the following is carried out after step D:
E. dynamically create and load the corresponding business modules according to the business IDs.
3. The permission management method according to claim 1, characterized in that: when the permissions corresponding to a role ID are modified, only the permission ID needs to be changed and synchronized to the local data dictionary.
4. The permission management method according to claim 1 or 2, characterized in that: each business ID corresponds to one business module.
5. The permission management method according to claim 4, characterized in that: adding a business module adds a business ID.
6. The permission management method according to claim 1, characterized in that: the business ID is binary bit data.
7. The permission management method according to claim 5, characterized in that: adding a business module adds one bit to the binary business ID.
8. The permission management method according to claim 1, characterized in that: the permission ID is binary bit data.
9. The permission management method according to claim 1, characterized in that: the permission ID is the result of a bitwise operation on the business IDs.
10. The permission management method according to claim 1, characterized in that: if the business IDs use "1" to denote permission and "0" to denote no permission, the permission ID is the bitwise OR of the business IDs; if the business IDs use "0" to denote permission and "1" to denote no permission, the permission ID is the bitwise AND of the business IDs.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200910112267A CN101621518A (en) | 2009-07-20 | 2009-07-20 | Method for managing permission |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200910112267A CN101621518A (en) | 2009-07-20 | 2009-07-20 | Method for managing permission |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101621518A true CN101621518A (en) | 2010-01-06 |
Family
ID=41514562
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200910112267A Pending CN101621518A (en) | 2009-07-20 | 2009-07-20 | Method for managing permission |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101621518A (en) |
Cited By (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101847002A (en) * | 2010-05-20 | 2010-09-29 | 浙江中控软件技术有限公司 | Method for implementing dynamic regulation of authority items, device and system thereof |
CN102055763A (en) * | 2010-12-14 | 2011-05-11 | 山东中创软件工程股份有限公司 | Rights management method and system |
CN102542394A (en) * | 2010-12-29 | 2012-07-04 | 沈阳中科博微自动化技术有限公司 | Authority management method for semiconductor equipment |
CN102930184A (en) * | 2012-10-19 | 2013-02-13 | 华为技术有限公司 | Functional component loading method and device |
CN103037063A (en) * | 2011-09-29 | 2013-04-10 | 中国移动通信集团陕西有限公司 | Method, system and assembly manager for mobile phone business dynamic loading |
CN104516888A (en) * | 2013-09-27 | 2015-04-15 | 腾讯科技(北京)有限公司 | Authority query method and device of multi-dimensional data |
CN104519072A (en) * | 2015-01-14 | 2015-04-15 | 浪潮(北京)电子信息产业有限公司 | Authority control method and device |
CN104796737A (en) * | 2015-04-28 | 2015-07-22 | 天脉聚源(北京)传媒科技有限公司 | Group-based channel play implementing method, system and equipment |
CN104838386A (en) * | 2012-03-30 | 2015-08-12 | 电子湾有限公司 | User authentication and authorization using personas |
CN105787317A (en) * | 2016-03-23 | 2016-07-20 | 中国电力科学研究院 | Permission control method based on multi-layer hierarchy system |
CN105897682A (en) * | 2015-12-11 | 2016-08-24 | 乐视云计算有限公司 | Online authentication method and device |
CN106569816A (en) * | 2016-10-26 | 2017-04-19 | 搜游网络科技(北京)有限公司 | Rendering method and apparatus |
CN106815516A (en) * | 2017-01-18 | 2017-06-09 | 泰康保险集团股份有限公司 | The access authorization methods and system of user profile |
CN107688732A (en) * | 2017-09-15 | 2018-02-13 | 郑州云海信息技术有限公司 | A kind of configuration of access authorization for resource, acquisition methods and device |
CN110413292A (en) * | 2019-07-22 | 2019-11-05 | 深圳证券交易所 | Light application installation method, mobile terminal and the storage medium of application program |
US10754941B2 (en) | 2012-03-30 | 2020-08-25 | Ebay Inc. | User device security manager |
CN113411295A (en) * | 2021-05-07 | 2021-09-17 | 上海纽盾科技股份有限公司 | Role-based access control situation awareness defense method and system |
CN117056885A (en) * | 2023-07-21 | 2023-11-14 | 广州盈风网络科技有限公司 | User permission determination method, device, equipment and storage medium |
CN118427793A (en) * | 2023-10-25 | 2024-08-02 | 荣耀终端有限公司 | Authority management method and device |
Cited By (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101847002A (en) * | 2010-05-20 | 2010-09-29 | 浙江中控软件技术有限公司 | Method for implementing dynamic regulation of authority items, device and system thereof |
CN102055763A (en) * | 2010-12-14 | 2011-05-11 | 山东中创软件工程股份有限公司 | Rights management method and system |
CN102055763B (en) * | 2010-12-14 | 2013-04-03 | 山东中创软件工程股份有限公司 | Rights management method and system |
CN102542394A (en) * | 2010-12-29 | 2012-07-04 | 沈阳中科博微自动化技术有限公司 | Authority management method for semiconductor equipment |
CN103037063A (en) * | 2011-09-29 | 2013-04-10 | 中国移动通信集团陕西有限公司 | Method, system and assembly manager for mobile phone business dynamic loading |
CN103037063B (en) * | 2011-09-29 | 2016-03-02 | 中国移动通信集团陕西有限公司 | A kind of method of mobile phone business dynamic load, system and component manager |
CN104838386A (en) * | 2012-03-30 | 2015-08-12 | 电子湾有限公司 | User authentication and authorization using personas |
US10754941B2 (en) | 2012-03-30 | 2020-08-25 | Ebay Inc. | User device security manager |
CN104838386B (en) * | 2012-03-30 | 2017-11-10 | 电子湾有限公司 | User authentication and mandate using character |
CN102930184A (en) * | 2012-10-19 | 2013-02-13 | 华为技术有限公司 | Functional component loading method and device |
CN102930184B (en) * | 2012-10-19 | 2015-11-25 | 华为技术有限公司 | A kind of functional module loading method and device |
CN104516888B (en) * | 2013-09-27 | 2019-03-26 | 腾讯科技(北京)有限公司 | The permission querying method and device of multidimensional data |
CN104516888A (en) * | 2013-09-27 | 2015-04-15 | 腾讯科技(北京)有限公司 | Authority query method and device of multi-dimensional data |
CN104519072A (en) * | 2015-01-14 | 2015-04-15 | 浪潮(北京)电子信息产业有限公司 | Authority control method and device |
CN104796737A (en) * | 2015-04-28 | 2015-07-22 | 天脉聚源(北京)传媒科技有限公司 | Group-based channel play implementing method, system and equipment |
CN104796737B (en) * | 2015-04-28 | 2018-10-26 | 天脉聚源(北京)传媒科技有限公司 | Channel based on group plays implementation method, system and equipment |
CN105897682A (en) * | 2015-12-11 | 2016-08-24 | 乐视云计算有限公司 | Online authentication method and device |
CN105787317A (en) * | 2016-03-23 | 2016-07-20 | 中国电力科学研究院 | Permission control method based on multi-layer hierarchy system |
CN106569816A (en) * | 2016-10-26 | 2017-04-19 | 搜游网络科技(北京)有限公司 | Rendering method and apparatus |
CN106569816B (en) * | 2016-10-26 | 2020-03-31 | 搜游网络科技(北京)有限公司 | Rendering method and device |
CN106815516A (en) * | 2017-01-18 | 2017-06-09 | 泰康保险集团股份有限公司 | The access authorization methods and system of user profile |
CN106815516B (en) * | 2017-01-18 | 2020-11-10 | 泰康保险集团股份有限公司 | User information access authorization method and system |
CN107688732A (en) * | 2017-09-15 | 2018-02-13 | 郑州云海信息技术有限公司 | A kind of configuration of access authorization for resource, acquisition methods and device |
CN107688732B (en) * | 2017-09-15 | 2020-08-18 | 苏州浪潮智能科技有限公司 | Resource permission configuration and acquisition method and device |
CN110413292A (en) * | 2019-07-22 | 2019-11-05 | 深圳证券交易所 | Light application installation method, mobile terminal and the storage medium of application program |
CN110413292B (en) * | 2019-07-22 | 2023-11-14 | 深圳证券交易所 | Light application installation method of application program, mobile terminal and storage medium |
CN113411295A (en) * | 2021-05-07 | 2021-09-17 | 上海纽盾科技股份有限公司 | Role-based access control situation awareness defense method and system |
CN117056885A (en) * | 2023-07-21 | 2023-11-14 | 广州盈风网络科技有限公司 | User permission determination method, device, equipment and storage medium |
CN117056885B (en) * | 2023-07-21 | 2024-08-23 | 广州盈风网络科技有限公司 | User permission determination method, device, equipment and storage medium |
CN118427793A (en) * | 2023-10-25 | 2024-08-02 | 荣耀终端有限公司 | Authority management method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101621518A (en) | Method for managing permission | |
CN111274268B (en) | Internet of things data transmission method and device, medium and electronic equipment | |
JP6856626B2 (en) | Methods and equipment for multi-user cluster identity authentication | |
WO2021068619A1 (en) | Certificate authentication management method, apparatus and device, and computer-readable storage medium | |
CN108769230B (en) | Transaction data storage method, device, server and storage medium | |
CN105225072B (en) | Access management method and system for multiple application systems | |
Sicari et al. | Security&privacy issues and challenges in NoSQL databases | |
CN112835977B (en) | Database management method and system based on block chain | |
CN101316273A (en) | Distributed safety memory system | |
CN107908979B (en) | Method and electronic device for configuration and endorsement in blockchain | |
CN102468971A (en) | Authority management method and device and authority control method and device | |
CN112702402A (en) | System, method, device, processor and storage medium for realizing government affair information resource sharing and exchange based on block chain technology | |
CN108563697B (en) | Data processing method, device and storage medium | |
CN115859362A (en) | Data storage system, method, device and medium based on block chain side chain | |
CN103312682A (en) | Method and system for accessing gateway safely | |
US11750376B2 (en) | Threshold scheme enabled symmetric key member deletion | |
CN113240145B (en) | Order-preserving encryption-based network vehicle-restraining platform and method thereof | |
CN106161654A (en) | A kind of cloud educational system | |
CN106713228A (en) | Cloud platform key management method and system | |
CN104090937A (en) | Database access method and database access system based on cloud calculation | |
CN113011960A (en) | Block chain-based data access method, device, medium and electronic equipment | |
CN115277007A (en) | Private chain-based edge gateway authentication method, system, device and equipment | |
CN113434824B (en) | Software service authorization management method, device, equipment and storage medium | |
CN116318931A (en) | Attribute mapping method and system based on cross-domain access control | |
CN112184225B (en) | Cloud rendering resource exchange method based on blockchain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20100106 |