
CN118503933B - Application distribution system based on authority control - Google Patents


Info

Publication number
CN118503933B
Authority
CN
China
Prior art keywords
user
rights
authority
behavior
permission
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202410954604.3A
Other languages
Chinese (zh)
Other versions
CN118503933A (en
Inventor
文子强
李华军
胡雁冬
范振兴
宗宇
胡学林
王鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huaneng Information Technology Co Ltd
Original Assignee
Huaneng Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huaneng Information Technology Co Ltd
Priority to CN202410954604.3A
Publication of CN118503933A
Application granted
Publication of CN118503933B
Legal status: Active
Anticipated expiration


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/101 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by binding digital rights to specific entities
    • G06F21/1015 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by binding digital rights to specific entities to users
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides an application distribution system based on authority control, belonging to the technical field of application distribution. The system comprises: an initial allocation module, which determines a user portrait based on user identity information and assigns initial application rights to the corresponding user according to the user portrait; a behavior judging module, which determines the permission rights of a user based on the user's historical behavior information; a permission determination module, which analyzes the permission rights and the initial application rights and determines the extension rights of the user; and a distribution module, which distributes the target application to the user according to all rights of the user and performs rights mapping control. The security of the system is improved, and personalized permission distribution and refined permission control functions are provided.

Description

Application distribution system based on authority control
Technical Field
The invention relates to the technical field of application distribution, in particular to an application distribution system based on authority control.
Background
With the popularization of cloud computing, mobile devices and the internet of things, higher requirements are put on the distribution and management of application programs. User authentication, rights control and data security become central challenges in this area.
For the distribution and management of application programs, the prior art often adopts static permission assignment, in which permissions are assigned according to a user's basic information or the user group to which the user belongs. However, as user requirements change and behavior patterns evolve, static permissions often cannot adapt flexibly to the user's actual needs, resulting in permissions that are either too loose or too restrictive.
Accordingly, the present invention introduces an application distribution system based on rights control.
Disclosure of Invention
The invention provides an application distribution system based on authority control, which is used for dynamically determining and distributing the application authority of a user by analyzing the identity information and the historical behavior of the user, provides accurate authority control, can more intelligently and flexibly manage the authority, responds to the changes of the user behavior and the demands in real time, and improves the user experience and the overall efficiency of the system.
The invention provides an application distribution system based on authority control, which comprises:
An initial allocation module: determines a user portrait based on user identity information, and assigns initial application rights to the corresponding user according to the user portrait;
A behavior judging module: determines the permission rights of a user based on the user's historical behavior information;
A permission determination module: analyzes the permission rights and the initial application rights, and determines the extension rights of the user;
A distribution module: distributes the target application to the user according to all rights of the user and performs rights mapping control.
The invention provides an application distribution system based on authority control, in which the initial allocation module comprises:
A user portrait construction unit: inputs the user identity information into a first feature extraction model to obtain user features, and constructs a user portrait based on the user features;
A mechanism making unit: analyzes all user portraits and formulates an automatic classification mechanism;
A user allocation unit: automatically assigns each user to a corresponding permission group based on the automatic classification mechanism to obtain the initial application rights of the corresponding user.
The invention provides an application distribution system based on authority control, in which the behavior judging module comprises:
A feature extraction unit: inputs the historical behavior information of the user into a second feature extraction model to obtain key behavior features;
A description acquisition unit: extracts, from the historical behavior information of the user, the user behavior descriptions consistent with each key behavior feature;
A rule making unit: defines the behavior driving rules of the corresponding user based on the user behavior descriptions, the key behavior features and preset trigger conditions;
A rule mapping unit: matches the user behavior driving rules with the preset authority types, and determines the permission rights of the corresponding user.
The invention provides an application distribution system based on authority control, in which the preset authority types comprise: access rights, modification rights, execution rights, deletion rights, management rights.
The invention provides an application distribution system based on authority control, in which the rule mapping unit comprises:
A rule analysis block: analyzes each user behavior driving rule to obtain its rule level and rule type, and sets a first value for the corresponding user behavior driving rule based on the level-type-value mapping table;
A correlation analysis block: analyzes the user behavior driving rule to obtain a behavior type and performs correlation analysis against the preset authority types;
A permission determination block: determines, based on the correlation analysis result and in combination with the first value, an initial authority value for each authority of the corresponding user.
The invention provides an application distribution system based on authority control, in which the permission determination module comprises:
A value calculation unit: divides the initial application rights and the permission rights of the corresponding user according to authority type, and calculates the comprehensive extension value of each division type;
An extension determination unit: determines the extension rights of the corresponding user based on the authority type of each right related to the corresponding user and the comprehensive extension value of each division type.
The invention provides an application distribution system based on authority control, in which the value calculation unit comprises:
A first calculation block: calculating initial expansion value of ith authority under jth partition type
; Wherein, An initial authority value representing the ith authority under the jth partition type,The allowable authority value of the ith authority under the jth partition type is represented,A first weight representing an ith right under the jth partition type,Historical adjustment coefficient representing ith authority based on jth partition typeOperating environment adjustment coefficientRights adjustment coefficientIs used as a value-adjusting function of (a),The representation is based onIs selected from the group consisting of a first weight,Regularization coefficient representing the ith authority under the jth partition type,Representation pairIs used for the normalization of the coefficient of (c) to the (c),Representation pairIs used for the normalization of the coefficient of (c) to the (c),Representing the sign of the mapping function, and the mapping result is (0, 1),Representing the number of rights under the jth partition type;
A second calculation block: based on all initial extension values under the jth partition type Calculating corresponding comprehensive expansion value
; Wherein, Indicating that the ith right under the jth partition type is based on historical dataOperating environmentIs a preset test function of (a); Representing an extended test index; Representing all under the jth partition type Error adjustment amount of (2); [ ] Representing a rounding symbol; The representation is based on all Is a variance of (2); The representation is based on all Is a variance of (c).
The invention provides an application distribution system based on authority control, in which the distribution module comprises:
A file generation unit: generates a user rights archive based on all rights of the user;
An application screening unit: screens out, from a target application library and based on the identity information of the user, the target applications that conform to the user's rights;
An application distribution unit: performs authority mapping on each function of the target application according to the user rights archive, and distributes the target application, after authority mapping, to the user;
A rights adjustment unit: acquires the user's real-time behavior pattern through an application monitoring tool and, when the rights change because of that real-time behavior pattern, sends a notification to the user and performs mapping adjustment control on the rights of the distributed application.
The invention provides an application distribution system based on authority control, which is used for dynamically determining and distributing the application authority of a user by analyzing the identity information and the historical behavior of the user, provides accurate authority control, can more intelligently and flexibly manage the authority, responds to the changes of the user behavior and the demands in real time, and improves the user experience and the overall efficiency of the system.
Drawings
In order to more clearly illustrate the invention or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic structural diagram of an application distribution system based on rights control according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example 1
As shown in Fig. 1, the present invention provides an application distribution system based on authority control, comprising:
An initial allocation module: determines a user portrait based on user identity information, and assigns initial application rights to the corresponding user according to the user portrait;
A behavior judging module: determines the permission rights of a user based on the user's historical behavior information;
A permission determination module: analyzes the permission rights and the initial application rights, and determines the extension rights of the user;
A distribution module: distributes the target application to the user according to all rights of the user and performs rights mapping control.
In this embodiment, the user identity information is a series of data for identifying a user, including: user name, job position, department to which the job belongs, user preference, etc.;
In this embodiment, the user portrait is a virtual representation of the user created based on user identity information, comprising: working background (user department, job position, job responsibilities, etc.); working history (previous work experience, professional background, etc.); skills and training (skills and training experience of the user in specific fields); and business requirements (specific business requirements of the user in the system, such as applications and functions that need to be used);
In this embodiment, the initial application right is a set of basic rights to which the user is assigned, e.g., new employees of department A are assigned initial rights to access the company's internal website, but not to access the financial records.
In this embodiment, the historical behavior information of the user includes behavior data generated by the user when using the system or application, such as login frequency, type of resource accessed, operation performed, and the like. For example, a user may frequently access certain database resources, and this information may be used to analyze their behavior patterns;
In this embodiment, the permission rights of the user are the rights that the system determines the user can be granted based on the user's historical behavior information. For example, if a user often needs to view a report, the system may grant the user access rights to that report.
In this embodiment, the user's extension rights are the additional rights determined for the user after analyzing the user's permission rights and initial application rights. For example, a project manager may not initially have had access to all project-related files, and the system assigns him extension rights to access these files based on an analysis of his behavior.
In this embodiment, the target application refers to a particular software application that the system distributes to the user. For example, a financial analyst may receive financial modeling software as its target application;
In this embodiment, rights mapping control is a mechanism that ensures that rights are properly assigned and used when distributing applications.
The working principle and the beneficial effects of the technical scheme are as follows: by analyzing the identity information and the historical behaviors of the user, the application permission of the user is dynamically determined and distributed, accurate permission control is provided, permission can be managed more intelligently and flexibly, the user behavior and the change of the demand can be responded immediately, and the user experience and the overall efficiency of the system are improved.
Example 2
The invention provides an application distribution system based on authority control, in which the initial allocation module comprises:
A user portrait construction unit: inputs the user identity information into a first feature extraction model to obtain user features, and constructs a user portrait based on the user features;
A mechanism making unit: analyzes all user portraits and formulates an automatic classification mechanism;
A user allocation unit: automatically assigns each user to a corresponding permission group based on the automatic classification mechanism to obtain the initial application rights of the corresponding user.
In this embodiment, the first feature extraction model is a model for extracting key features such as age, job position, work property, and the like from user identity information;
In this embodiment, the user feature refers to extracting a specific attribute for permission determination from the user identity information, and includes: the department, occupation, job level, etc. to which the user belongs, for example, a user may have the following features: 30 years old, software engineers, T1 department, 13 job classes, etc.
In this embodiment, the automated categorization mechanism is a system that automatically groups users according to their portraits, and automatically assigns users to groups with different access rights according to their job positions and departments.
In this embodiment, a permission group refers to a group of users with similar permission requirements that are assigned to the same group according to their roles, responsibilities, or behaviors. For example, financial sector employees may be assigned to a rights group that has rights to access financial reports and records.
The working principle and the beneficial effects of the technical scheme are as follows: by precisely building user portraits and an automated classification mechanism, users can be quickly and efficiently assigned to appropriate permission groups.
User features are extracted through the first feature extraction model and user portraits are constructed from those features, so user requirements and preferences can be understood more accurately, which provides a basis for subsequent authority control. An automatic classification mechanism is formulated by analyzing all the user portraits, which automates user grouping, reduces manual intervention, and improves the efficiency of the system. Each user is automatically allocated to a corresponding authority group based on the automatic classification mechanism, which simplifies the authority control flow and provides effective data support for subsequent authority control.
Example 3
The invention provides an application distribution system based on authority control, in which the behavior judging module comprises:
A feature extraction unit: inputs the historical behavior information of the user into a second feature extraction model to obtain key behavior features;
A description acquisition unit: extracts, from the historical behavior information of the user, the user behavior descriptions consistent with each key behavior feature;
A rule making unit: defines the behavior driving rules of the corresponding user based on the user behavior descriptions, the key behavior features and preset trigger conditions;
A rule mapping unit: matches the user behavior driving rules with the preset authority types, and determines the permission rights of the corresponding user.
In this embodiment, the historical behavior information of the user refers to a data record left by the user when using the system or application, including login time, function used, frequency of operation, selection made, and the like. For example, a user may often access a project management tool in the morning of a workday;
In this embodiment, the second feature extraction model is a model used to extract important behavior features from the historical behavior information of the user;
in this embodiment, the key behavior features refer to features that can significantly represent or influence the behavior pattern of the user, including: access frequency, duration, preference type, etc., e.g., high frequency access by a user to a particular application over a period of time may be identified as a key behavioral characteristic.
In this embodiment, the user behavior description is a specific interpretation and generalization of the user's historical behavior information, e.g., one user's behavior description is "frequently uses the e-mail client from 9 am to 11 am, Monday to Friday".
In this embodiment, the preset trigger conditions are conditions predefined by the system; when the user's behavior satisfies these conditions, a specific behavior driving rule is triggered. For example, if the user does not log into the system for three consecutive days, a preset trigger condition for a security check is triggered, three days being the preset trigger condition.
In this embodiment, the behavior-driven rule of the user is defined based on the user behavior description, the key behavior feature and the preset trigger condition, and is used to determine the permission of the user. For example, if a user accesses module A on a weekend 10 times, a behavior driven rule is defined that allows the user to access module A-related applications on the weekend.
In this embodiment, matching against the preset authority types means matching the user's behavior driving rules with the authority types defined in the system to determine which rights the user should be granted. For example, if the behavior driving rules indicate that the user needs to access the report generating tool, the system will match and grant access rights.
The working principle and the beneficial effects of the technical scheme are as follows: by analyzing the historical behavior information of the user, the real demands of the user can be accurately identified and the most valuable information extracted from a large amount of behavior data, which provides a basis for subsequent authority control. Converting abstract behavior features into specific descriptions makes the user's behavior pattern easier to understand, and defining behavior driving rules lets the system dynamically adjust authority settings according to the user's actual behavior. This helps achieve accurate assignment and control of authority.
Example 4
The invention provides an application distribution system based on authority control, in which the rule mapping unit comprises:
A rule analysis block: analyzes each user behavior driving rule to obtain its rule level and rule type, and sets a first value for the corresponding user behavior driving rule based on the level-type-value mapping table;
A correlation analysis block: analyzes the user behavior driving rule to obtain a behavior type and performs correlation analysis against the preset authority types;
A permission determination block: determines, based on the correlation analysis result and in combination with the first value, an initial authority value for each authority of the corresponding user.
In this embodiment, the rule level refers to a criterion for classifying the user behavior driving rule in the rights control system, and is set according to importance or priority of the rule, for example: the level of viewing public files is 1, and the level of viewing sensitive files is 5;
in this embodiment, the rule type refers to a class of rules, including: conventional use, advanced use, security sensitive operation;
In this embodiment, the level-type-value mapping table is a predefined table or data structure for mapping the level and type of rules to a specific value representing the weight of the rights. For example, a rule in the table specifying "level 8" and "advanced use" maps to a value of "100";
In this embodiment, the first value is the initial value set for each user behavior driving rule, looked up in the level-type-value mapping table by the rule's level and type. For example, if the level of the rule is "8" and the type is "advanced use", the first value is "100" according to the mapping table.
In this embodiment, the initial authority value of each authority of the corresponding user is determined from the correlation analysis result in combination with the first value, by way of the behavior type. For example, if the rule has level "8" and type "advanced use", the first value is "100" according to the mapping table, and the corresponding behavior type is access; matching this against the preset authority types yields the access right. If the range of the right value corresponding to 100 is 90-100 based on the content determination, the initial right value of the range corresponding to 9 is 10.
The working principle and the beneficial effects of the technical scheme are as follows: analyzing the user behavior driving rules gives a more accurate picture of their importance and type, which provides a more reasonable basis for authority control. Correlation analysis against the preset authority types ensures that user behavior and the assigned authorities have a direct and proper association, which improves the relevance of authority assignment and control. Combining the results of the rule analysis and the correlation analysis allows an initial authority value to be set more accurately for each authority, which supports finer-grained authority control. Personalized and dynamic rights allocation is achieved.
Example 5
The invention provides an application distribution system based on authority control, in which the preset authority types comprise: access rights, modification rights, execution rights, deletion rights, management rights.
In this embodiment, access rights refer to the ability of a user to view or read data and information in an application or system, including: reading, browsing, viewing, etc.;
In this embodiment, modification rights refer to the ability of a user to alter or edit data and information in an application or system, including creating new files, editing the contents of existing files, renaming files, etc.;
In this embodiment, execution authority refers to the ability of a user to run or execute programs, scripts, or commands in an application or system;
In this embodiment, deletion authority refers to the ability of a user to remove data and information from an application or system, including deleting files, directories, database records, and the like.
In this embodiment, the management authority is the highest level of authority, meaning that the user is able to perform overall management and control of the application or system, including setting or changing system configuration, managing user accounts and authorities, installing or uninstalling software, and the like.
The working principle and the beneficial effects of the technical scheme are as follows: by setting different authority types, the user can be ensured to only operate authorized applications or data, unnecessary cross and potential conflict among resources are avoided, tracking and audit are convenient, maintainability is improved, and the system is allowed to flexibly add new authorities so as to adapt to user behavior change and realize accurate authority control.
Example 6
The invention provides an application distribution system based on authority control, in which the permission determination module comprises:
A value calculation unit: divides the initial application rights and the permission rights of the corresponding user according to authority type, and calculates the comprehensive extension value of each division type;
An extension determination unit: determines the extension rights of the corresponding user based on the authority type of each right related to the corresponding user and the comprehensive extension value of each division type.
In this embodiment, the comprehensive extension value takes both the initial application rights and the permission rights of the user into account; it is calculated per authority type and determines the final extension rights of the user. For example, in a file management application, the initial rights of the user only allow reading files (access rights). Based on the user's historical behavior (such as frequent file access and content search), the system judges that the user can obtain editing rights (modification rights) for the files. The comprehensive extension value combines the user's initial reading rights with the editing rights obtained from the behavior judgment to determine the final rights of the user.
In this embodiment, for example, the comprehensive extension value of partition type 1 is u01 and the comprehensive extension value of partition type 2 is u02, where u01 is greater than the preset extension value u0 and u02 is less than the preset extension value u0. In this case it is determined that permission extension can be performed based on partition type 1. For example, if the permissions under partition type 1 include permission 01 and permission 02, and the common permissions under partition type 1 in history are permission 01 and permission 03, then permission 03 is regarded as an extension permission.
The working principle and the beneficial effects of the technical scheme are as follows: rights are dynamically adjusted according to the behaviors and demands of users, so that rights are allocated more flexibly and individually. Through fine-grained authority control and intelligent authority adjustment based on behaviors, misuse and potential safety risk of improper authorities are effectively prevented, and the safety of the whole system is enhanced. The system only provides necessary rights by intelligently analyzing the actual demands of users, and optimizes the resource allocation. Flexible rights control is achieved.
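The extension decision described in this example, written out as an added Python example that is not code from the patent. The function and variable names, the numeric values, the mapping of partition types 1 and 2 to "access" and "modification", the choice to deny when the value equals u0, and the `manual_only` policy are all assumptions of this example; the comprehensive extension value is taken as an input because its formula is not reproduced here.

```python
import math
from dataclasses import dataclass

# The five preset authority types listed in the patent text.
PRESET_TYPES = frozenset(
    {"access", "modification", "execution", "deletion", "management"})


@dataclass(frozen=True)
class Decision:
    granted: dict   # partition type -> sorted list of extension rights
    audit: tuple    # one reason string per partition type examined


def _usable(value):
    """A comprehensive extension value must be a finite real number."""
    return (isinstance(value, (int, float)) and not isinstance(value, bool)
            and math.isfinite(value))


def determine_extensions(current, historical_common, composite, u0,
                         manual_only=frozenset({"management"})):
    """Decide extension rights per partition type, denying by default.

    current           -- {type: rights already held (initial + permitted)}
    historical_common -- {type: rights commonly used for that type in history}
    composite         -- {type: comprehensive extension value, computed elsewhere}
    u0                -- the preset extension value (threshold)
    manual_only       -- assumption of this example, not from the patent:
                         types that are never extended automatically
    """
    if not _usable(u0):
        raise ValueError("preset extension value u0 must be a finite number")
    granted, audit = {}, []
    for ptype in sorted(set(current) | set(historical_common) | set(composite)):
        if ptype not in PRESET_TYPES:
            audit.append(f"{ptype}: denied, not a preset authority type")
        elif ptype in manual_only:
            audit.append(f"{ptype}: denied, requires manual approval")
        elif not _usable(composite.get(ptype)):
            audit.append(f"{ptype}: denied, extension value missing or not finite")
        elif composite[ptype] <= u0:
            # The text only covers "greater than" and "less than"; a tie is
            # denied here (assumption) so the decision fails closed.
            audit.append(f"{ptype}: denied, {composite[ptype]} not above u0={u0}")
        else:
            # Extension rights are those common in history but not yet held.
            extra = sorted(set(historical_common.get(ptype, ()))
                           - set(current.get(ptype, ())))
            if extra:
                granted[ptype] = extra
                audit.append(f"{ptype}: extended with {extra}")
            else:
                audit.append(f"{ptype}: nothing to extend")
    return Decision(granted, tuple(audit))


# Constructed sample mirroring the text: type 1 ("access") is above u0 and
# holds permissions 01 and 02, with 01 and 03 common in history; type 2
# ("modification") is below u0.
SAMPLE_CURRENT = {"access": {"permission 01", "permission 02"},
                  "modification": {"permission 04"}}
SAMPLE_HISTORY = {"access": {"permission 01", "permission 03"},
                  "modification": {"permission 04", "permission 05"}}
SAMPLE_COMPOSITE = {"access": 0.8, "modification": 0.3}
SAMPLE_U0 = 0.5

if __name__ == "__main__":
    result = determine_extensions(SAMPLE_CURRENT, SAMPLE_HISTORY,
                                  SAMPLE_COMPOSITE, SAMPLE_U0)
    print(result.granted)
    for line in result.audit:
        print(line)
```

The audit tuple records why each partition type was or was not extended, which is the record a reviewer needs when a behavior-derived grant is later questioned.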
Example 7
The invention provides an application distribution system based on authority control, in which the value calculation unit comprises:
A first calculation block: calculating initial expansion value of ith authority under jth partition type
; Wherein, An initial authority value representing the ith authority under the jth partition type,The allowable authority value of the ith authority under the jth partition type is represented,A first weight representing an ith right under the jth partition type,Historical adjustment coefficient representing ith authority based on jth partition typeOperating environment adjustment coefficientRights adjustment coefficientIs used as a value-adjusting function of (a),The representation is based onIs selected from the group consisting of a first weight,Regularization coefficient representing the ith authority under the jth partition type,Representation pairIs used for the normalization of the coefficient of (c) to the (c),Representation pairIs used for the normalization of the coefficient of (c) to the (c),Representing the sign of the mapping function, and the mapping result is (0, 1),Representing the number of rights under the jth partition type;
A second calculation block: based on all initial extension values under the jth partition type Calculating corresponding comprehensive expansion value
; Wherein, Indicating that the ith right under the jth partition type is based on historical dataOperating environmentIs a preset test function of (a); Representing an extended test index; Representing all under the jth partition type Error adjustment amount of (2); [ ] Representing a rounding symbol; The representation is based on all Is a variance of (2); The representation is based on all Is a variance of (c).
In this embodiment, the history adjustment coefficient is a coefficient for adjusting the authority value, determined from how rights have been used historically. For example, if a user frequently accesses a certain folder in read-only mode, the history adjustment coefficient may be increased so that more read-only rights can be provided to the user in future rights calculations.
In this embodiment, the operating environment adjustment coefficient is an adjustment coefficient determined from the user's current operating environment. For example, if the user is operating in a network environment with a higher security level, the operating environment adjustment coefficient may be reduced to limit the user's rights, thereby enhancing the security of the system.
In this embodiment, the preset test function is a function, based on historical data and the operating environment, for predicting rights that the user may require. For example, if the historical data shows that a user needs to access a particular resource at a particular time, the preset test function may be used to predict and grant the corresponding rights in advance.
In this embodiment, the extension test index is an index that measures the likelihood of rights extension. For example, a higher extension test index indicates a greater likelihood that the user requires more rights.
The working principle and beneficial effects of this technical scheme are as follows: by subdividing user rights into different types and calculating the initial extension value and the comprehensive extension value of each type, rights can be managed and allocated more accurately. By considering factors such as the initial authority value, the permission authority value, the history adjustment coefficient and the operating environment adjustment coefficient, the initial extension value of each of the user's rights can be calculated more accurately, and rights can be adjusted according to the user's actual usage pattern and environment. This helps the system understand the user's rights requirements more fully and thus allows more effective rights control.
Example 8
The invention provides an application distribution system based on authority control, in which the distribution module comprises:
A file generation unit: generating a user rights archive based on all rights of the user;
An application screening unit: screening out target applications that conform to the user's rights from a target application library based on the identity information of the user;
An application distribution unit: performing rights mapping on each function of the target application according to the user rights archive, and distributing the rights-mapped target application to the user;
A rights adjustment unit: acquiring the user's real-time behavior pattern with an application monitoring tool and, when the rights change because of the user's real-time behavior pattern, sending a notification to the user and performing mapping adjustment control on the rights of the distributed application.
In this embodiment, the user rights archive is an archive containing the details of all of the user's rights. For example, a user's rights archive includes the types of files they can access, the rights level of the applications they use, and any special rights.
In this embodiment, rights mapping is the process of associating a user's rights with the functions of an application. For example, if the user's rights archive shows that they can only read files in application 554, the rights mapping ensures that they have only read rights in the distributed application, and no editing rights.
In this embodiment, the application monitoring tool is a tool for tracking and monitoring how the user uses the application. For example, the application monitoring tool may record the time a user spends in a particular application, the functions they access, and the types of operations they perform.
In this embodiment, the user's real-time behavior pattern refers to the user's immediate behavior when using the application. For example, a user may show a more cautious behavior pattern when processing sensitive data, or may access the help menu more frequently when using a new application.
In this embodiment, mapping adjustment control is the process of adjusting the user's rights mapping according to the user's real-time behavior pattern. For example, if a user starts to use higher-level functions of an application more frequently, the system may automatically adjust the user's rights mapping to provide access to those higher-level functions.
The working principle and beneficial effects of this technical scheme are as follows: creating the user rights archive allows the user's rights to be better understood and managed, ensuring the accuracy and security of rights allocation. Screening for applications that match the user's rights ensures that users can only access applications they are authorized to use. Performing rights mapping on the application ensures that the user's operations within the application conform to the rights archive, which improves flexibility of use. By monitoring user behavior in real time and adjusting rights accordingly, the system can dynamically adapt to changes in users' needs and behavior, improving security and user experience. Dynamic rights control is achieved and working efficiency is improved.
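The rights mapping and mapping adjustment control described in this embodiment can be sketched as follows. This is an added example, not code from the patent: the function names, the per-function requirement table and the user identifier are constructed, and disabling any function that declares no required right is an assumed deny-by-default choice.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RightsArchive:
    """User rights archive: the rights a user holds, per application."""
    user: str
    rights: dict  # application id -> frozenset of right types


def map_functions(archive, app_id, function_requirements):
    """Rights mapping: return {function: enabled} for one distributed app.

    A function is enabled only if the archive holds every right it requires.
    A function with no declared requirement stays disabled (assumption).
    """
    held = archive.rights.get(app_id, frozenset())
    return {
        func: bool(required) and set(required) <= held
        for func, required in function_requirements.items()
    }


def adjust_mapping(old_mapping, archive, app_id, function_requirements):
    """Mapping adjustment control: recompute the mapping after a rights change.

    Returns (new_mapping, notification); notification is None if nothing changed.
    """
    new_mapping = map_functions(archive, app_id, function_requirements)
    enabled = sorted(f for f, on in new_mapping.items()
                     if on and not old_mapping.get(f, False))
    disabled = sorted(f for f, on in old_mapping.items()
                      if on and not new_mapping.get(f, False))
    if not enabled and not disabled:
        return new_mapping, None
    notification = {"user": archive.user, "app": app_id,
                    "enabled": enabled, "disabled": disabled}
    return new_mapping, notification


# Constructed sample data: right types follow the preset types in claim 5.
APP_ID = "application-554"
FUNCTIONS = {
    "open_file": {"access"},
    "search_content": {"access"},
    "edit_file": {"access", "modification"},
    "delete_file": {"access", "deletion"},
    "debug_console": set(),  # no declared requirement, so never enabled
}


def demo():
    """Read-only user gains modification rights; the mapping is adjusted."""
    before = RightsArchive("user-a", {APP_ID: frozenset({"access"})})
    mapping = map_functions(before, APP_ID, FUNCTIONS)
    after = RightsArchive("user-a", {APP_ID: frozenset({"access", "modification"})})
    new_mapping, note = adjust_mapping(mapping, after, APP_ID, FUNCTIONS)
    return mapping, new_mapping, note


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The same `adjust_mapping` call handles a reduction of rights: functions that were enabled and are no longer covered by the archive appear in the notification's `disabled` list.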
Finally, it should be noted that the above embodiments only illustrate the technical solution of the present invention and do not limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments can be modified, or some of their technical features can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (6)

1. An application distribution system based on rights control, comprising:
An initial allocation module: determining a user portrait based on user identity information, and allocating initial application rights to the corresponding user according to the user portrait;
A behavior judgment module: determining the permission rights of a user based on the user's historical behavior information;
A permission determination module: analyzing the permission rights and the initial application rights, and determining the expansion rights of the user;
A distribution module: distributing a target application to the user according to all rights of the user and performing rights mapping control;
wherein the permission determination module includes:
A value calculation unit: dividing the initial application rights and the permission rights of the corresponding user according to rights type, and calculating the comprehensive expansion value of each partition type;
An extension determination unit: determining the expansion rights of the corresponding user based on the rights type of each right related to the corresponding user and the comprehensive expansion value of each partition type;
wherein the value calculation unit includes:
A first calculation block: calculating initial expansion value of ith authority under jth partition type
; Wherein, An initial authority value representing the ith authority under the jth partition type,The allowable authority value of the ith authority under the jth partition type is represented,A first weight representing an ith right under the jth partition type,Historical adjustment coefficient representing ith authority based on jth partition typeOperating environment adjustment coefficientRights adjustment coefficientIs used as a value-adjusting function of (a),The representation is based onIs selected from the group consisting of a first weight,Regularization coefficient representing the ith authority under the jth partition type,Representation pairIs used for the normalization of the coefficient of (c) to the (c),Representation pairIs used for the normalization of the coefficient of (c) to the (c),Representing the sign of the mapping function, and the mapping result is (0, 1),Representing the number of rights under the jth partition type;
A second calculation block: based on all initial extension values under the jth partition type Calculating corresponding comprehensive expansion value
; Wherein, Indicating that the ith right under the jth partition type is based on historical dataOperating environmentIs a preset test function of (a); Representing an extended test index; Representing all under the jth partition type Error adjustment amount of (2); [ ] Representing a rounding symbol; The representation is based on all Is a variance of (2); The representation is based on all Is a variance of (c).
2. The rights control-based application distribution system of claim 1, wherein the initial allocation module comprises:
A user portrait construction unit: inputting the user identity information into a first feature extraction model to obtain user features, and constructing a user portrait based on the user features;
A mechanism formulation unit: analyzing all user portraits and formulating an automatic classification mechanism;
A user allocation unit: automatically allocating each user to a corresponding permission group based on the automatic classification mechanism to obtain the initial application rights of the corresponding user.
3. The rights control-based application distribution system of claim 1, wherein the behavior judgment module comprises:
A feature extraction unit: inputting the historical behavior information of the user into a second feature extraction model to obtain key behavior features;
A description acquisition unit: extracting user behavior descriptions consistent with each key behavior feature from the historical behavior information of the user;
A rule formulation unit: defining behavior driving rules of the corresponding user based on the user behavior descriptions, the key behavior features and preset trigger conditions;
A rule mapping unit: matching the user behavior driving rules with preset rights types, and determining the permission rights of the corresponding user.
4. The rights control-based application distribution system of claim 3, wherein the rule mapping unit comprises:
A rule analysis block: analyzing each user behavior driving rule to obtain the rule level and rule type, and setting a first value for the corresponding user behavior driving rule based on a level-type-value mapping table;
A correlation analysis block: analyzing the user behavior driving rule to obtain a behavior type, and performing correlation analysis between the behavior type and the preset rights types;
A permission determination block: determining, based on the correlation analysis result in combination with the first value, an initial authority value corresponding to each right of the user.
5. The rights control-based application distribution system of claim 4, wherein the preset rights types comprise: access rights, modification rights, execution rights, deletion rights, and management rights.
6. The rights control-based application distribution system of claim 1, wherein the distribution module comprises:
A file generation unit: generating a user rights archive based on all rights of the user;
An application screening unit: screening out target applications that conform to the user's rights from a target application library based on the identity information of the user;
An application distribution unit: performing rights mapping on each function of the target application according to the user rights archive, and distributing the rights-mapped target application to the user;
A rights adjustment unit: acquiring the user's real-time behavior pattern with an application monitoring tool and, when the rights change because of the user's real-time behavior pattern, sending a notification to the user and performing mapping adjustment control on the rights of the distributed application.
CN202410954604.3A 2024-07-17 2024-07-17 Application distribution system based on authority control Active CN118503933B (en)


Publications (2)

Publication Number Publication Date
CN118503933A CN118503933A (en) 2024-08-16
CN118503933B CN118503933B (en) 2024-11-05

Family

ID=92243154

Country Status (1)

Country Link
CN (1) CN118503933B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant