Nothing Special   »   [go: up one dir, main page]

CN101621518A - Method for managing permission - Google Patents

Method for managing permission Download PDF

Info

Publication number
CN101621518A
CN101621518A CN200910112267A CN200910112267A CN101621518A CN 101621518 A CN101621518 A CN 101621518A CN 200910112267 A CN200910112267 A CN 200910112267A CN 200910112267 A CN200910112267 A CN 200910112267A CN 101621518 A CN101621518 A CN 101621518A
Authority
CN
China
Prior art keywords
permission
role
traffic
authority
business
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN200910112267A
Other languages
Chinese (zh)
Inventor
熊晨锋
林永煌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xiamen Stelcom Information & Technology Co Ltd
Original Assignee
Xiamen Stelcom Information & Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xiamen Stelcom Information & Technology Co Ltd filed Critical Xiamen Stelcom Information & Technology Co Ltd
Priority to CN200910112267A priority Critical patent/CN101621518A/en
Publication of CN101621518A publication Critical patent/CN101621518A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to a method for managing permission, in particular to a method for managing business permission in the field of IT. The method for managing permission comprises the following steps: A. verifying a login password; B. obtaining a role ID of a user; C. matching the role ID with a permission ID of a local data dictionary; D. analyzing the permission ID and obtaining a business ID authorized by the login user; and E. dynamically creating and loading a corresponding business module according to the business ID. The business ID and the permission ID are expressed by a binary bit. The technical scheme of the invention has the advantages that 1. the system resources are saved, and the system response speed is improved; 2. the business operation after login does not need to carry out permission authentication, and the executing efficiency is improved.

Description

A kind of right management method
Technical field
The present invention relates to right management method, relate in particular to the implementation method of the service authority management of IT field.
Background technology
Usually the method that realizes user authority management is: adopt database mode that System Privileges is managed, define various authorities by attribute field in database, describe the authority that it has in each user record.Business operation of the every execution of user all is connected with database, carries out authority and judges, if the user has authority, then continues to carry out.As publication number be: CN101441688A " a kind of user right distribution method and a kind of user authority control method " proposes a kind of scheme, comprise: the role who from the user role mapping relations table that presets, obtains relative users, extract described role's resource access authority, the resource access authority adopts the regular expression definition, and be recorded in the authority definition file, described resource is also identified by unique resource code.The resource access request that the interception user submits to, the resource code of acquisition mates with role's resource access authority, and the match is successful then carries out resource access, denied access then that it fails to match.And for example, publication number is: CN101414253A " a kind of right management method and system " proposes a kind of scheme, be used for user's operation requests being carried out verification at Rights Management System, described method comprises: accept the operation requests that the user proposes, from database, obtain the identifier of role assignments under the user, the corresponding relation of the databases storage power identifier that user, role and role distributed.Various authority resource subfiles are obtained and buffer memory and the corresponding authority resource of described authority identifier from system, and described authority resource subfile is stored the authority resource of the assembly module of its institute's correspondence business.Interception user's operation requests also judges whether the authority resource that described user distributes comprises described operation requests.Be then to accept operation requests, otherwise the refusal operation requests.
But such right management method, business of the every execution of user, each visit all must be carried out authentication and authentication to server database.Therefore, professional execution efficient is low, and expansion is difficult.And judge that on concrete business judge that code and service code mix, coupling is too strong.On the other hand, in the time will activating business module, need the data library structure is made amendment, add heavily to the difficulty of the work, be difficult for expansion.
Summary of the invention
Therefore, at the problems referred to above, the present invention proposes a kind of scheme and solves.
Technical scheme of the present invention is:
Right management method of the present invention comprises the steps:
A. verify login password;
B. obtain the role ID of login user;
C. the permission ID of role ID and local data dictionary is mated;
D. resolve permission ID, obtain the business ID authorized of login user.
Further, behind described step D, carry out: step e. according to traffic ID, dynamic creation loads the corresponding service module.
Further, if after the permission modification of role ID correspondence, only need permission ID is changed and synchronously to local data dictionary.
Further, described each traffic ID is corresponding to a corresponding business module.
Further, increase a business module and then increase a traffic ID.
Further, described traffic ID is the bit data.Increase a business module and then increase by one in the traffic ID of binary digit data.
Further, described permission ID is the bit data.Described permission ID be described traffic ID carry out the bit arithmetic result.
Further, if described traffic ID has authority with " 1 " table, " 0 " shows non-authority, and then described permission ID is to the exclusive disjunction that carries out of described traffic ID; If described traffic ID has authority with " 0 " table, " 1 " shows non-authority, and then described permission ID is to the carrying out and the computing of described traffic ID.
The present invention adopts binary digit to represent each business module, and the business module expansion is convenient, but each business module flexible combination, the permission ID of establishment different role correspondence; Simultaneously, according to permission ID, the dynamic construction business module is saved system resource, improves and carries out efficient.Has advantage: one, save system resource, improve system response time; Two, the business operation after the login need not to carry out purview certification again, has improved execution efficient.
Description of drawings
Fig. 1 is the embodiments of the invention flow charts;
Fig. 2 is user of the present invention, role and professional authority relation schematic diagram.
Embodiment
Now the present invention is further described with embodiment in conjunction with the accompanying drawings.
As shown in Figure 1, embodiments of the invention are such.
Step 101: the user initiates logging request;
Step 102: whether authentication password is passed through;
If then enter
Step 103: the role ID of obtaining login user;
Step 104: with the permission ID coupling of role ID and local data dictionary;
Step 105: resolve permission ID, obtain the business ID authorized of login user;
Step 106: according to traffic ID, dynamic creation loads the corresponding service module, and enters step 107;
If not, then redirect
Step 107: login finishes.
Traffic ID of the present invention and permission ID adopt binary digit.Described permission ID be described traffic ID carry out the bit arithmetic result.
Illustrate:
Have five business modules need carry out control of authority in certain system, traffic ID has authority with " 1 " table, and " 0 " shows non-authority, and its Business Name and traffic ID are distributed as table 1:
Table 1
Figure G2009101122679D00041
In this system, three kinds of roles are arranged, role ID of their correspondences and business operations competence, as table 2:
Table 2
The role Role ID Service authority
Role A ??1 Professional A, professional B, professional C, professional D, professional E
Role B ??2 Professional A, professional C, professional D
Role C ??3 Professional E
According to this method, described permission ID is to the exclusive disjunction that carries out of described traffic ID, then each role's permission ID result of calculation and corresponding relation such as table 3:
Table 3
Figure G2009101122679D00051
If traffic ID has authority with " 0 " table, " 1 " shows non-authority, and its Business Name and traffic ID are distributed as table 1 ':
Table 1 '
Figure G2009101122679D00052
According to this method, described permission ID is then installed the represented authority of table 2 example to the carrying out and the computing of described traffic ID, each role's permission ID result of calculation and corresponding relation such as table 2 ':
Table 2 '
Role ID Permission ID (binary system)
??1 ??00000
??2 ??10010
??3 ??01111
With table 3 or table 2 ' in role ID and permission ID, be stored in the local data dictionary.After user's login authentication was passed through, the role ID that obtains returning was mated corresponding authority ID by role ID in local data dictionary, resolved permission ID, obtained corresponding business ID, and then, the dynamic construction business module is realized rights management.Certainly, preferred, if the described traffic ID of the present invention has authority with " 1 " table, " 0 " shows non-authority.Convenient so professional expansion.
Consult shown in Figure 2ly, illustrate: the present invention includes 5 users, is respectively user 211, user 212, user 213, user 214 and user 215.Wherein user 211 and user 212 have the authority of role A221, and user 213 has the authority of role B222, and user 214 and user 215 have the authority of role C223.Wherein, the authority of role A221 comprises professional A231, professional B232, professional C233, professional D234, professional E235; The authority of role B222 comprises professional A, professional C, professional D; The authority of role C223 comprises professional E.Then user 211, user 212 can only obtain the ID of role A221 by the password login, and according to the permission ID of local data dictionary coupling: 11111, parse the ID:01000 of the ID:00100 of the ID:00010 of the ID:00001 of corresponding service A231, professional B232, professional C233, professional D234, the ID:10000 of professional E235.Create then and load corresponding service A module, professional B module, professional C module, professional D module, professional E module.The rest may be inferred by analogy for it, repeats no more.
It should be noted that the renewal of local data dictionary, is to carry out down loading updating, synchronous by local area network (LAN), INTERNET net or wireless network from server.In an embodiment of the present invention, adopt the GPRS radio data communication mode, realize local data dictionary remote update, synchronous.And because the data dictionary file on the terminal is a binary file format, non-document file, ordinary circumstance can't view the inside content, and the present invention program is particularly useful for handheld terminal, and the user generally can't touch the data of the inside by other approach.Therefore effectively simple, need not huge cryptographic algorithm.Certainly, can carry out the respective encrypted algorithm process to the data dictionary if the technical scheme of this invention is expanded to other field.
The invention has the advantages that:
1. a newly-built user only need give appropriate role, inherits the operating right of this role's correspondence automatically, need not other setting;
2. newly-increased role only needs to generate new permission ID, and be saved in data dictionary according to new traffic ID combination;
3. the modification of role-security is simple, revise the pairing authority of certain role, as long as according to new traffic ID combination, regenerate permission ID, and be substituted in the data dictionary;
4. the module of activating business is convenient, as long as distribute a untapped traffic ID (binary digit sign) to new traffic module, and as required, by the binary digit exclusive disjunction, adds in the permission ID of existing role's correspondence; The dynamic construction of business module has realized the operation-interface of What You See Is What You Get, as long as the business module that the user can see promptly is its business module that allows operation, business operation afterwards need not to carry out purview certification again.
Although specifically show and introduced the present invention in conjunction with preferred embodiment; but the those skilled in the art should be understood that; in the spirit and scope of the present invention that do not break away from appended claims and limited; can make various variations to the present invention in the form and details, be protection scope of the present invention.

Claims (10)

1. a right management method is characterized in that, comprises the steps:
A. verify login password;
B. obtain the role ID of login user;
C. the permission ID of role ID and local data dictionary is mated;
D. resolve permission ID, obtain the business ID authorized of login user.
2. right management method according to claim 1 is characterized in that, carries out behind described step D:
E. according to traffic ID, dynamic creation loads the corresponding service module.
3. right management method according to claim 1 is characterized in that: if after the permission modification of role ID correspondence, only need permission ID is changed and synchronously to local data dictionary.
4. right management method according to claim 1 and 2 is characterized in that: described each traffic ID is corresponding to a corresponding business module.
5. right management method according to claim 4 is characterized in that: increase a business module and then increase a traffic ID.
6. right management method according to claim 1 is characterized in that: described traffic ID is the bit data.
7. right management method according to claim 5 is characterized in that: increase a business module and then increase by one in the traffic ID of binary digit data.
8. right management method according to claim 1 is characterized in that: described permission ID is the bit data.
9. right management method according to claim 1 is characterized in that: described permission ID be described traffic ID carry out the bit arithmetic result.
10. right management method according to claim 1 is characterized in that: if described traffic ID has authority with " 1 " table, " 0 " shows non-authority, and then described permission ID is to the exclusive disjunction that carries out of described traffic ID; If described traffic ID has authority with " 0 " table, " 1 " shows non-authority, and then described permission ID is to the carrying out and the computing of described traffic ID.
CN200910112267A 2009-07-20 2009-07-20 Method for managing permission Pending CN101621518A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910112267A CN101621518A (en) 2009-07-20 2009-07-20 Method for managing permission

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200910112267A CN101621518A (en) 2009-07-20 2009-07-20 Method for managing permission

Publications (1)

Publication Number Publication Date
CN101621518A true CN101621518A (en) 2010-01-06

Family

ID=41514562

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910112267A Pending CN101621518A (en) 2009-07-20 2009-07-20 Method for managing permission

Country Status (1)

Country Link
CN (1) CN101621518A (en)

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101847002A (en) * 2010-05-20 2010-09-29 浙江中控软件技术有限公司 Method for implementing dynamic regulation of authority items, device and system thereof
CN102055763A (en) * 2010-12-14 2011-05-11 山东中创软件工程股份有限公司 Rights management method and system
CN102542394A (en) * 2010-12-29 2012-07-04 沈阳中科博微自动化技术有限公司 Authority management method for semiconductor equipment
CN102930184A (en) * 2012-10-19 2013-02-13 华为技术有限公司 Functional component loading method and device
CN103037063A (en) * 2011-09-29 2013-04-10 中国移动通信集团陕西有限公司 Method, system and assembly manager for mobile phone business dynamic loading
CN104516888A (en) * 2013-09-27 2015-04-15 腾讯科技(北京)有限公司 Authority query method and device of multi-dimensional data
CN104519072A (en) * 2015-01-14 2015-04-15 浪潮(北京)电子信息产业有限公司 Authority control method and device
CN104796737A (en) * 2015-04-28 2015-07-22 天脉聚源(北京)传媒科技有限公司 Group-based channel play implementing method, system and equipment
CN104838386A (en) * 2012-03-30 2015-08-12 电子湾有限公司 User authentication and authorization using personas
CN105787317A (en) * 2016-03-23 2016-07-20 中国电力科学研究院 Permission control method based on multi-layer hierarchy system
CN105897682A (en) * 2015-12-11 2016-08-24 乐视云计算有限公司 Online authentication method and device
CN106569816A (en) * 2016-10-26 2017-04-19 搜游网络科技(北京)有限公司 Rendering method and apparatus
CN106815516A (en) * 2017-01-18 2017-06-09 泰康保险集团股份有限公司 The access authorization methods and system of user profile
CN107688732A (en) * 2017-09-15 2018-02-13 郑州云海信息技术有限公司 A kind of configuration of access authorization for resource, acquisition methods and device
CN110413292A (en) * 2019-07-22 2019-11-05 深圳证券交易所 Light application installation method, mobile terminal and the storage medium of application program
US10754941B2 (en) 2012-03-30 2020-08-25 Ebay Inc. User device security manager
CN113411295A (en) * 2021-05-07 2021-09-17 上海纽盾科技股份有限公司 Role-based access control situation awareness defense method and system
CN117056885A (en) * 2023-07-21 2023-11-14 广州盈风网络科技有限公司 User permission determination method, device, equipment and storage medium
CN118427793A (en) * 2023-10-25 2024-08-02 荣耀终端有限公司 Authority management method and device

Cited By (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101847002A (en) * 2010-05-20 2010-09-29 浙江中控软件技术有限公司 Method for implementing dynamic regulation of authority items, device and system thereof
CN102055763A (en) * 2010-12-14 2011-05-11 山东中创软件工程股份有限公司 Rights management method and system
CN102055763B (en) * 2010-12-14 2013-04-03 山东中创软件工程股份有限公司 Rights management method and system
CN102542394A (en) * 2010-12-29 2012-07-04 沈阳中科博微自动化技术有限公司 Authority management method for semiconductor equipment
CN103037063A (en) * 2011-09-29 2013-04-10 中国移动通信集团陕西有限公司 Method, system and assembly manager for mobile phone business dynamic loading
CN103037063B (en) * 2011-09-29 2016-03-02 中国移动通信集团陕西有限公司 A kind of method of mobile phone business dynamic load, system and component manager
CN104838386A (en) * 2012-03-30 2015-08-12 电子湾有限公司 User authentication and authorization using personas
US10754941B2 (en) 2012-03-30 2020-08-25 Ebay Inc. User device security manager
CN104838386B (en) * 2012-03-30 2017-11-10 电子湾有限公司 User authentication and mandate using character
CN102930184A (en) * 2012-10-19 2013-02-13 华为技术有限公司 Functional component loading method and device
CN102930184B (en) * 2012-10-19 2015-11-25 华为技术有限公司 A kind of functional module loading method and device
CN104516888B (en) * 2013-09-27 2019-03-26 腾讯科技(北京)有限公司 The permission querying method and device of multidimensional data
CN104516888A (en) * 2013-09-27 2015-04-15 腾讯科技(北京)有限公司 Authority query method and device of multi-dimensional data
CN104519072A (en) * 2015-01-14 2015-04-15 浪潮(北京)电子信息产业有限公司 Authority control method and device
CN104796737A (en) * 2015-04-28 2015-07-22 天脉聚源(北京)传媒科技有限公司 Group-based channel play implementing method, system and equipment
CN104796737B (en) * 2015-04-28 2018-10-26 天脉聚源(北京)传媒科技有限公司 Channel based on group plays implementation method, system and equipment
CN105897682A (en) * 2015-12-11 2016-08-24 乐视云计算有限公司 Online authentication method and device
CN105787317A (en) * 2016-03-23 2016-07-20 中国电力科学研究院 Permission control method based on multi-layer hierarchy system
CN106569816A (en) * 2016-10-26 2017-04-19 搜游网络科技(北京)有限公司 Rendering method and apparatus
CN106569816B (en) * 2016-10-26 2020-03-31 搜游网络科技(北京)有限公司 Rendering method and device
CN106815516A (en) * 2017-01-18 2017-06-09 泰康保险集团股份有限公司 The access authorization methods and system of user profile
CN106815516B (en) * 2017-01-18 2020-11-10 泰康保险集团股份有限公司 User information access authorization method and system
CN107688732A (en) * 2017-09-15 2018-02-13 郑州云海信息技术有限公司 A kind of configuration of access authorization for resource, acquisition methods and device
CN107688732B (en) * 2017-09-15 2020-08-18 苏州浪潮智能科技有限公司 Resource permission configuration and acquisition method and device
CN110413292A (en) * 2019-07-22 2019-11-05 深圳证券交易所 Light application installation method, mobile terminal and the storage medium of application program
CN110413292B (en) * 2019-07-22 2023-11-14 深圳证券交易所 Light application installation method of application program, mobile terminal and storage medium
CN113411295A (en) * 2021-05-07 2021-09-17 上海纽盾科技股份有限公司 Role-based access control situation awareness defense method and system
CN117056885A (en) * 2023-07-21 2023-11-14 广州盈风网络科技有限公司 User permission determination method, device, equipment and storage medium
CN117056885B (en) * 2023-07-21 2024-08-23 广州盈风网络科技有限公司 User permission determination method, device, equipment and storage medium
CN118427793A (en) * 2023-10-25 2024-08-02 荣耀终端有限公司 Authority management method and device

Similar Documents

Publication Publication Date Title
CN101621518A (en) Method for managing permission
CN111274268B (en) Internet of things data transmission method and device, medium and electronic equipment
JP6856626B2 (en) Methods and equipment for multi-user cluster identity authentication
WO2021068619A1 (en) Certificate authentication management method, apparatus and device, and computer-readable storage medium
CN108769230B (en) Transaction data storage method, device, server and storage medium
CN105225072B (en) Access management method and system for multiple application systems
Sicari et al. Security&privacy issues and challenges in NoSQL databases
CN112835977B (en) Database management method and system based on block chain
CN101316273A (en) Distributed safety memory system
CN107908979B (en) Method and electronic device for configuration and endorsement in blockchain
CN102468971A (en) Authority management method and device and authority control method and device
CN112702402A (en) System, method, device, processor and storage medium for realizing government affair information resource sharing and exchange based on block chain technology
CN108563697B (en) Data processing method, device and storage medium
CN115859362A (en) Data storage system, method, device and medium based on block chain side chain
CN103312682A (en) Method and system for accessing gateway safely
US11750376B2 (en) Threshold scheme enabled symmetric key member deletion
CN113240145B (en) Order-preserving encryption-based network vehicle-restraining platform and method thereof
CN106161654A (en) A kind of cloud educational system
CN106713228A (en) Cloud platform key management method and system
CN104090937A (en) Database access method and database access system based on cloud calculation
CN113011960A (en) Block chain-based data access method, device, medium and electronic equipment
CN115277007A (en) Private chain-based edge gateway authentication method, system, device and equipment
CN113434824B (en) Software service authorization management method, device, equipment and storage medium
CN116318931A (en) Attribute mapping method and system based on cross-domain access control
CN112184225B (en) Cloud rendering resource exchange method based on blockchain

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20100106