CN110348183A - RBAC-based rapidly configurable authority configuration system, method and storage medium - Google Patents
- Publication number
- CN110348183A, CN201910451862.9A
- Authority
- CN
- China
- Prior art keywords
- configuration
- attribute
- menu page
- application
- attribute value
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/71—Version control; Configuration management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Storage Device Security (AREA)
- User Interface Of Digital Computer (AREA)
Abstract
The present invention relates to a rapidly configurable authority configuration system, method and storage medium. The system includes: an application configuration module, for adding a new application or selecting a stored application; a menu page configuration module, for configuring the menus and pages of the added or selected application together, establishing a tree structure by adding same-level or child-level menu pages, and automatically synchronizing the configured menu pages into the attribute values under the menu page attribute; a data attribute configuration module, for establishing data attributes under the added or selected application and configuring data attribute values by adding same-level or child-level attribute values to establish a flat structure or a tree structure; a permission configuration module, for combining operations with the attribute values under the menu page attribute and under the data attribute to form permissions; and an authorization configuration module, for adding a new role, granting the permissions to the role, and authorizing the role to users.
Description
Technical field
The present invention relates to the field of rights management for industrial applications, and in particular to an RBAC-based rapidly configurable authority configuration system, method and storage medium.
Background art
Compared with traditional access control (discretionary access control and mandatory access control), role-based access control (Role-Based Access Control, RBAC) has attracted wide attention as a new rights management model. In RBAC, permissions are associated with roles, and users obtain a role's permissions by becoming members of the appropriate role, which greatly simplifies the configuration and management of permissions. Within an organization, roles are created to carry out various kinds of work, users are assigned roles according to their responsibilities and qualifications, and a user can easily be reassigned from one role to another. Roles can be given new permissions as new requirements arise and systems are merged, and permissions can also be revoked from a role as needed. The access rights granted to a user are usually determined by the roles the user holds in the organization. In RBAC, permissions are granted to roles and roles are granted to users; users are not directly associated with permissions. In RBAC, the granting of access rights is managed centrally by an administrator, access is authorized and controlled according to the user's role within the organization, the authorization rules are imposed on users, and users cannot pass their access rights on to others on their own. It is a non-discretionary, centralized access control scheme.
The goal of an authority configuration system is to control access to all object resources and data resources of an application system, for example the function menus of the application system, the buttons, files and displayed data columns of each interface, and various row-level data. An authority configuration system must first control access to resources; for finer-grained control, resource access rights need to be classified and assigned by category. Second, the rights service needs to establish the user-role-permission association: permissions are associated with roles, and roles in turn are associated with users, which logically separates users from permissions. A permission is a set of a certain number of access rights and is the core of the authority configuration system; it comprises an object and an operation. Objects are generally resources, which can be summarized as static resources (menus, pages, page controls and page elements) and dynamic resources (data), also called object resources and data resources. Operations generally include add, delete, modify, query, import and export. Permissions are granted to roles, not to users. Once a role is assigned to a user, the user holds the permissions that the role contains.
At present, an existing authority configuration system generally involves the following ten concrete operations: 1) add an application; 2) add pages and page resources (controls on the pages); 3) add menu nodes and associate them with the corresponding pages; 4) synchronize the menu nodes and pages into the attribute values of an attribute, and add data attribute values; 5) assign operations to attributes; 6) classify the attributes for finer-grained control of resource access rights; 7) combine attribute values with operations to form permissions; 8) add roles; 9) grant permissions to roles; 10) authorize roles to users under organizational units. In practice, however, because the configuration steps are so numerous, people using the authority configuration system for the first time are unfamiliar with the configuration flow and with how the system is implemented, and find it hard to get started with configuration quickly.
Summary of the invention
To solve the above technical problem, the present invention provides an RBAC-based rapidly configurable authority configuration system and method. The system simplifies the configuration flow of existing authority configuration systems, making it easy to grant authorization quickly and effectively and to maintain permission resources.
According to one aspect of the invention, there is provided an authority configuration system, comprising:
an application configuration module, for adding a new application or selecting a stored application;
a menu page configuration module, for configuring the menus and pages of the added or selected application together, establishing a tree structure by adding same-level or child-level menu pages, and automatically synchronizing the configured menu pages into the attribute values under the menu page attribute;
a data attribute configuration module, for establishing data attributes under the added or selected application, and configuring data attribute values by adding same-level or child-level attribute values to establish a flat structure or a tree structure;
a permission configuration module, for combining operations with the attribute values under the menu page attribute and under the data attribute to form permissions; and
an authorization configuration module, for adding a new role, granting the permissions to the role, and authorizing the role to users.
Preferably, the attribute value includes an ID and a code; the menu page configuration module extracts the ID and code of a menu page as the attribute value under the menu page attribute, and the data attribute configuration module extracts the ID and code of business data as the attribute value under the data attribute.
Preferably, the operations are predefined and support dynamic extension, including but not limited to: add, delete, modify, query, import and export. Attribute values under the menu page attribute are configured with the query operation by default; attribute values under the data attribute are configured with the add, delete, modify and query operations by default.
Preferably, each operation can be combined with one or more attribute values, and each attribute value can be combined with one or more operations.
Preferably, a role can consist of one or more users, each user can be granted one or more roles, each role can hold one or more permissions, and each permission can be granted to one or more different roles.
Preferably, the system stores menu page templates and data attribute templates; the menu page configuration module is further used to import the menu page templates in batches when configuring menu pages, and the data attribute configuration module is further used to import the data attribute templates in batches when configuring data attributes.
According to another aspect of the invention, there is provided an RBAC-based rapidly configurable authority configuration method, comprising:
an application configuration step, for adding a new application or selecting a stored application;
a menu page configuration step, for configuring the menus and pages of the added or selected application together, establishing a tree structure by adding same-level or child-level menu pages, and automatically synchronizing the configured menu pages into the attribute values under the menu page attribute;
a data attribute configuration step, for establishing data attributes under the added or selected application, and configuring data attribute values by adding same-level or child-level attribute values to establish a flat structure or a tree structure;
a permission configuration step, for combining operations with the attribute values under the menu page attribute and under the data attribute to form permissions; and
an authorization configuration step, for adding a new role, granting the permissions to the role, and authorizing the role to users.
Preferably, the attribute value includes an ID and a code. The operations are predefined and support dynamic extension, including but not limited to: add, delete, modify, query, import and export. Attribute values under the menu page attribute are configured with the query operation by default; attribute values under the data attribute are configured with the add, delete, modify and query operations by default.
Preferably, during the configuration process, each configuration step is saved automatically as soon as it is completed, so that after the configuration process is interrupted, the interrupted configuration process can be selected and continued.
According to another aspect of the invention, there is provided a storage medium storing executable code which, when executed by a processor, causes the processor to perform the RBAC-based rapidly configurable authority configuration method provided by the invention.
Compared with the prior art, one or more embodiments of the above scheme can have the following advantages or beneficial effects:
The RBAC-based rapidly configurable authority configuration system, method and storage medium provided by the embodiments of the invention optimize the configuration flow of the authority configuration system by extracting five parts (application configuration, menu page configuration, data attribute configuration, permission configuration and authorization configuration) as the rapid configuration content. This makes the authority configuration system easier to use, improves efficiency, gives it a wide range of application, and makes operation more flexible.
In application configuration, the configuration personnel can directly select an application already stored in the database, or choose the add-application operation to add a new application. In menu page configuration, same-level or child-level menu pages can be added, for example by drag operations, to establish a tree structure, adding menu pages one by one. Batch addition can also be performed through an import operation. The ID and code of each configured menu page are extracted and automatically synchronized into the attribute values under the menu page attribute. In data attribute configuration, same-level or child-level attribute values can be added under a data attribute through the add operation to establish a flat structure or a tree structure, adding data attribute values one by one. Batch addition can also be performed through an import operation, and values can also be added by remote calls from business application systems through an API interface. In permission configuration, operations are combined with the attribute values of the menu page attribute or of a data attribute to form permissions. In authorization configuration, the role information is filled in, a role is added, permissions are granted to the role, and the role is authorized to users. In summary, the rapid configuration flow of the authority configuration system and method provided by the embodiments of the invention is simple and clear compared with the configuration flow of existing authority configuration systems, and is convenient for configuration personnel to operate.
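The five-part flow summarized above, together with the ID-and-code attribute values and the default operations from the preferred embodiments, can be sketched as a small in-memory model. This is an added illustration, not code from the patent; the class and method names, the sample codes, the unique-code-per-application rule and the exact-match access check (no inheritance from a parent attribute value to its children) are assumptions.

```python
from dataclasses import dataclass
from itertools import count
from typing import Optional

MENU_PAGE = "menu_page"
# Defaults stated in the text: menu pages get query; data values get add/delete/modify/query.
MENU_PAGE_DEFAULT_OPS = {"query"}
DATA_DEFAULT_OPS = {"add", "delete", "modify", "query"}


@dataclass(frozen=True)
class AttributeValue:
    attribute: str                 # MENU_PAGE or the name of a data attribute
    id: int
    code: str
    parent: Optional[str] = None   # code of the parent value; None for a root
    url: Optional[str] = None      # set only for pages, which are leaf nodes


@dataclass(frozen=True)
class Permission:
    operation: str
    code: str                      # code of the attribute value the operation applies to


class Application:
    """Step 1: one application owns its attribute values, roles and grants."""

    def __init__(self, name):
        self.name = name
        self._ids = count(1)
        self.values = {}       # code -> AttributeValue
        self.ops = {}          # code -> operations configured for that value
        self.role_perms = {}   # role -> set of Permission
        self.user_roles = {}   # user -> set of role names

    def _add_value(self, attribute, code, parent, url, default_ops):
        if code in self.values:
            raise ValueError(f"duplicate code: {code}")
        if parent is not None:
            p = self.values.get(parent)
            if p is None or p.attribute != attribute:
                raise ValueError(f"no parent {parent!r} under {attribute!r}")
            if p.url is not None:
                raise ValueError("a page is a leaf node and cannot have children")
        value = AttributeValue(attribute, next(self._ids), code, parent, url)
        self.values[code] = value
        self.ops[code] = set(default_ops)
        return value

    def add_menu_page(self, code, parent=None, url=None):
        """Step 2: add a menu (no url) or a page (url); it is synced as an attribute value."""
        return self._add_value(MENU_PAGE, code, parent, url, MENU_PAGE_DEFAULT_OPS)

    def add_data_value(self, attribute, code, parent=None):
        """Step 3: add a same-level or child-level value under a data attribute."""
        if attribute == MENU_PAGE:
            raise ValueError("menu pages are added with add_menu_page")
        return self._add_value(attribute, code, parent, None, DATA_DEFAULT_OPS)

    def extend_operations(self, code, operation):
        """Dynamic extension: allow one more operation on one attribute value."""
        self.ops[code].add(operation)

    def make_permission(self, operation, code):
        """Step 4: a permission is an operation combined with an attribute value."""
        if operation not in self.ops.get(code, ()):
            raise ValueError(f"{operation!r} is not configured for {code!r}")
        return Permission(operation, code)

    def grant(self, role, permission):
        """Step 5a: permissions go to roles (created on first grant), never to users."""
        self.role_perms.setdefault(role, set()).add(permission)

    def authorize(self, user, role):
        """Step 5b: a user gains permissions only through role membership."""
        if role not in self.role_perms:
            raise ValueError(f"unknown role: {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def is_allowed(self, user, operation, code):
        """Deny by default; allow only on an exact (operation, value) match."""
        wanted = Permission(operation, code)
        return any(wanted in self.role_perms[r] for r in self.user_roles.get(user, ()))


def build_example():
    """Constructed sample data: one application, two menu pages, two data values."""
    app = Application("order-system")
    app.add_menu_page("orders")
    app.add_menu_page("orders.list", parent="orders", url="/orders/list")
    app.add_data_value("region", "east")
    app.add_data_value("region", "east.shanghai", parent="east")
    app.grant("clerk", app.make_permission("query", "orders.list"))
    app.grant("clerk", app.make_permission("modify", "east"))
    app.authorize("zhangsan", "clerk")
    return app
```

Because `make_permission` rejects any operation not configured for the attribute value, a menu page can only carry `query` until an administrator explicitly extends its operations, which keeps the default grant surface small.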
Other features and advantages of the invention will be set forth in the description that follows, and in part will become apparent from the description or be understood by practicing the invention. The objectives and other advantages of the invention can be realized and obtained through the structures particularly pointed out in the description, the claims and the accompanying drawings.
Brief description of the drawings
The accompanying drawings provide a further understanding of the invention and constitute a part of the specification. Together with the embodiments of the invention they serve to explain the invention and do not limit it.
Fig. 1 schematically illustrates the RBAC model.
Fig. 2 schematically illustrates an existing authority configuration system.
Fig. 3 schematically illustrates a block diagram of an RBAC-based rapidly configurable authority configuration system according to an embodiment of the invention.
Fig. 4 schematically illustrates the design drawing of the operation interface of the application configuration module of the RBAC-based rapidly configurable authority configuration system according to an embodiment of the invention.
Fig. 5 schematically illustrates the design drawing of the operation interface of the menu and page configuration module of the RBAC-based rapidly configurable authority configuration system according to an embodiment of the invention.
Fig. 6 schematically illustrates the design drawing of the operation interface of the permission configuration module of the RBAC-based rapidly configurable authority configuration system according to an embodiment of the invention.
Fig. 7 schematically illustrates the design drawing of the operation interface of the authorization configuration module of the RBAC-based rapidly configurable authority configuration system according to an embodiment of the invention.
Detailed description of the embodiments
Embodiments of the invention are described in detail below with reference to the accompanying drawings and examples, so that the process by which the invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and implemented. It should be noted that, as long as no conflict arises, the embodiments of the invention and the features of the embodiments can be combined with one another, and the resulting technical solutions all fall within the scope of protection of the invention.
In the following description, numerous specific details are set forth for purposes of illustration, to provide a thorough understanding of the embodiments of the invention. It will be apparent to those skilled in the art, however, that the invention may be practiced without these specific details or in ways other than those described.
To better understand the RBAC-based rapidly configurable authority configuration system and authority configuration method of the invention, the principle of the RBAC model is first briefly introduced.
RBAC (Role-Based Access Control) supports three generally recognized security principles: the principle of least privilege, the principle of separation of duties, and the principle of data abstraction. These three principles are explained in detail in the prior art and are not repeated here. RBAC includes users (Users), roles (Roles), permissions (Permissions), objects (Objects), operations (Operations), assignments (Assignment) and sessions (Session); the RBAC model uses this information to represent the relationships among users, roles, access rights and sessions.
Fig. 1 schematically illustrates the RBAC model. As shown in Fig. 1, the RBAC model contains five basic data elements: users, roles, objects, operations and permissions. A session represents the mapping between a user and the set of roles activated for that user.
In the RBAC model, a user is a person within the organization, a specific individual; Zhang San or Li Si, for example, is a user. Every user must first belong to some department; a department is an administrative unit, and a department may contain multiple users. For example, if a company's marketing department has 10 employees, the marketing department is one department and the 10 employees are 10 users, so the relationship between department and user is one-to-many. A role is the carrier of permissions; its purpose is to isolate the logical relationship between users and permissions. One role may contain multiple users and one user may likewise belong to multiple roles, so the relationship between roles and users is many-to-many.
For example, if Zhang San serves as both R&D department manager and deputy general manager in a company, then the user Zhang San corresponds to two roles: one is R&D department manager and the other is deputy general manager. This is what is meant above by a user belonging to multiple roles. As another example, if the company's deputy general managers include Li Si and Wang Wu in addition to Zhang San, then the role of deputy general manager corresponds to three users, Zhang San, Li Si and Wang Wu. This is what is meant above by a role containing multiple users.
A permission is a set of a certain number of access rights and is the core of the authority configuration system; it comprises an object and an operation. Objects are generally resources, which can be summarized as static resources (menus, pages, page controls and page elements) and dynamic resources (data), also called object resources and data resources. Operations can be customized and support dynamic extension, including but not limited to: add, delete, modify, query, import and export.
In the RBAC model, permissions are granted directly to roles, not to users. When a role is assigned to a user, the user holds the permissions the role contains. In most cases the relationship among users, roles and permissions can be understood by treating a role as a container that holds many users and many permissions; the relationship between users and permissions is many-to-many, and users are associated with permissions through roles.
Fig. 2 schematically illustrates an existing authority configuration system. As shown in Fig. 2, the existing authority configuration system is divided into a resource server, a role service and an authorization server. The resource server is used to configure resources such as menus, pages and data; the authorization server is mainly used to generate permissions; and the role service is used to assign the permissions generated by the authorization server to roles (or organizations) and then assign the roles (or organizations) to users or tenants. The system is designed on the role-based access control model, embodies the security principles of least privilege, separation of duties and data abstraction, and is suited to multi-tenant, multi-application scenarios. It provides a unified rights management service and implements the management of organizations, users, menus, roles, operations, objects and the relationships among them, together with the definition of the related service interfaces.
However, the configuration steps of such an authority configuration system are too numerous, and they are also scattered across different servers. This causes considerable confusion for configuration personnel and adds to their workload. For personnel using the authority system for the first time in particular, the configuration flow and the operation of the system are unfamiliar and it is hard to configure successfully; configuration can usually be completed only under the guidance of experienced configuration personnel, which wastes human resources.
To solve the technical problem that the configuration steps of prior-art authority configuration systems are too numerous and hard to carry out, an embodiment of the invention provides an RBAC-based rapidly configurable authority configuration system.
The authority configuration system simplifies the configuration flow of existing authority configuration systems. The configuration flow for permission data can be completed by configuring the following five modules, making it easy for users to grant authorization quickly and effectively and to maintain permission resources.
Fig. 3 schematically illustrates a block diagram of an RBAC-based rapidly configurable authority configuration system according to an embodiment of the invention. As shown in Fig. 3, the authority configuration system includes an application configuration module, a menu page configuration module, a data attribute configuration module, a permission configuration module and an authorization configuration module. Specifically, the authority configuration system provided by an embodiment of the invention is divided, in configuration order, into five modules: the application configuration module, the menu page configuration module, the data attribute configuration module, the permission configuration module and the authorization configuration module.
As can be seen, the authority configuration system provided by an embodiment of the invention clearly shows the order of the configuration modules on the system interface, which helps configuration personnel understand the system's entire configuration flow. Configuration personnel can complete the configuration of access rights step by step, following the order of the modules into which the authority configuration system is divided, which shortens the time needed to configure access rights and improves work efficiency.
Specifically, the authority configuration system comprises:
an application configuration module, for adding a new application or selecting a stored application;
a menu page configuration module, for configuring the menus and pages of the added or selected application together, establishing a tree structure by adding same-level or child-level menu pages, and automatically synchronizing the configured menus and pages into the attribute values under the menu page attribute;
a data attribute configuration module, for establishing data attributes under the added or selected application, and configuring data attribute values by adding same-level or child-level attribute values to establish a flat structure or a tree structure;
a permission configuration module, for combining operations with the attribute values under the menu page attribute and under the data attribute to form permissions; and
an authorization configuration module, for adding a new role, granting permissions to the role, and authorizing the role to users.
Existing authority configuration systems generally configure the whole configuration process step by step, and configuration is complete only when every step has finished. If the configuration process is terminated partway through because of some force majeure factor, the information configured earlier has to be configured again when configuration is resumed. For this reason, in an embodiment of the invention, the application configuration module is used to add a new application or select a stored application. Specifically, in an embodiment of the invention, the application configuration module supports an application selection operation. For example, Fig. 4 shows the design drawing of the operation interface of the application configuration module of the RBAC-based rapidly configurable authority configuration system according to an embodiment of the invention. As shown in Fig. 4, an existing application record is selected in the application configuration interface; after the record is clicked, it is automatically displayed in the current-application box, which avoids having to configure the application again.
To keep the application data in the database continually updated, the application configuration module supports a next-step operation. An Add button is provided in the application configuration interface; clicking it pops up the configuration interface for adding an application. After the required parameters are filled in and the Save button is clicked, the application data is saved to the database, the newly added application is automatically selected, and the system jumps to the next configuration interface. Specifically, the next-step operation in the application configuration module has an auto-save function. When the configuration personnel have finished configuring a new application and click Next, the system saves the application data of the current configuration interface to the database at the same moment it jumps to the next configuration interface. In this way every configured application is saved to the database, which keeps the application data in the database continually updated, so that the configured application data can be selected directly the next time configuration is performed.
After an application is configured, existing authority configuration systems first configure the pages and then, once the pages are configured, configure the menus. However, the configuration information of menus and pages overlaps, so configuring pages and menus separately causes some configuration information to be entered repeatedly. For this reason, in an embodiment of the invention, the menu page configuration module is used to configure the menus and pages of the added or selected application together, establishing a tree structure by adding same-level or child-level menu pages and synchronizing the configured menu pages into the attribute values under the menu page attribute. Specifically, the authority configuration system provided by an embodiment of the invention merges page configuration and menu configuration into menu page configuration. The menu page configuration module can add menu pages one by one through the add operation, adding same-level or child-level menu pages to establish the tree structure of the menus and pages, and can also add them in batches through the import operation.
For example, Fig. 5 shows the design drawing of the operation interface of the menu and page configuration module of the RBAC-based rapidly configurable authority configuration system according to an embodiment of the invention. As shown in Fig. 5, the concrete operations are as follows. First, the configuration personnel add a menu, for example by dragging a default menu page item to integration testing; after filling in the menu's required parameters (such as name and code) and clicking Save, the first menu has been added. Dragging another default menu page item to the same level as, or below, the menu item just added completes the addition of a same-level or child-level menu; the leaf-node menu items added last are the pages. It should be noted that a page is a function page: it must include the URL address used to access the page, and may also include the page resources on the page, such as the controls on the page, including control IDs and control names. So if the controls on a page are to be controlled, the page resources can also be configured here. In addition, a child node or subset of a tree node can easily be moved to the same level as, or below, another node to change the layout of the whole menu, without having to delete and then rebuild a menu subtree whose relationships were set up wrongly. The effect of the drag operation is consistent with the menu tree actually displayed, and the operation is not described further here.
Through the above operations, the tree structure of menus and pages is established. The configuration process is simple and direct, so configuration personnel can understand and modify it quickly, which saves configuration time and makes their work easier. In an embodiment of the invention, a flat structure can also be established between menus at the same level.
Note that in an embodiment of the invention, a page is a leaf node. A leaf node is a concept from discrete mathematics: a node in a tree that has no child nodes (i.e. whose degree is 0) is called a leaf node, or "leaf" for short. That is, in an embodiment of the invention, a child-level page cannot be added under a page; only same-level pages can be added, so each page is at the same level as the other pages under the same menu.
In an embodiment of the invention, the established tree structure of menus and pages is displayed on the system interface, so that configuration personnel can see the relationships between the configured menus and pages directly. Compared with existing rights management systems, which configure pages and menus separately, the rights management system provided by an embodiment of the invention makes it easier for configuration personnel to check and maintain the configured menus and pages.
In an embodiment of the invention, to make it easier for configuration personnel to configure menus and pages, the menu page configuration module can perform an import operation. Specifically, this avoids configuration personnel having to add items one by one when a large number of menus and pages are to be configured. Menu page templates are stored in the system's database, and the association between the import operation and the menu page templates is established by the back end. The configuration personnel click the import operation and enter the type and quantity of menu page templates to import; the system then imports menu page templates of that type and quantity in batch onto the system interface. This avoids adding menus and pages one by one, reduces the workload of the configuration personnel, saves configuration time, and eases maintenance.
During menu page configuration, each time a menu page item is configured, it is automatically synchronized into the attribute values of the menu page attribute. The authority configuration system provided by an embodiment of the invention combines the submit operation with the synchronization operation: the configuration personnel only need to click the submit operation provided in the menu page configuration module to save the menu data or page data of the current configuration interface to the database and to synchronize the menu pages of the current configuration interface automatically into the attribute values under the menu page attribute.
More specifically, the authority configuration system provided by an embodiment of the invention extracts the ID and code of the configured menus and pages, two different types of resource, and uses them as attribute values under the menu page attribute. When the configuration personnel click the submit operation in the menu page configuration module, the system saves the menu data or page data of the current configuration interface to the database and at the same time extracts the ID and code of the configured menus or pages as attribute values under the menu page attribute. The invention thus uniformly extracts the ID and code of each control object as an attribute value of an attribute, which helps to unify resources.
The data attribute configuration module is used to establish data attributes under the newly added application or the selected application and, by adding same-level or child-level attribute values under a data attribute, to establish a flat structure or a tree structure and configure the data attribute values. For a data attribute under an application, other than the menu page attribute, the data attribute configuration module extracts the ID and code of business data as the attribute values under the data attribute. Here, business data refers to data in the permission system and/or in third-party business systems that access the permission system. In data attribute configuration, same-level or child-level data attribute values can be added one by one under a data attribute to establish a flat structure or a tree structure and configure the data attribute values. Data attribute templates can also be imported in batch through the import operation, and attribute values can also be added or deleted by remote calls from business application systems through an API, with a flat structure or a tree structure established by adding same-level or child-level attribute values. The data attribute value data of the current configuration interface is saved to the database.
In an embodiment of the invention, the permission configuration module is used to combine operations with attribute values under the menu page attribute or a data attribute to form licenses. Specifically, a license, commonly called a permission, comprises a control object and an operation. The control object is generally a resource, including menus, pages and data attributes. Operations can be customized and support dynamic extension; they include but are not limited to add, delete, modify, query, import and export. For example, Fig. 6 shows a design drawing of the operation interface of the permission configuration module of the RBAC-based rapidly configurable authority configuration system according to an embodiment of the invention. As shown in Fig. 6, in an embodiment of the invention, the permission configuration module can perform the add operation, the configure operation and the save operation. In permission configuration, the configuration personnel add a license with the add operation, select a license, click the configure operation, select the attribute values to configure, assign the corresponding operations to those attribute values, and, once configuration is finished, click the save operation to generate the license, which the system stores in the database.
For all licenses configured in the authority configuration system provided by an embodiment of the invention, the query operation is a default, mandatory option; that is, every license includes the query operation. Specifically, in permission configuration, the back-end code configures the query operation for all attribute values by default, and the configuration personnel only need to select the other operations. The other operations can be customized and support dynamic extension; they include but are not limited to the add, delete, modify, import and export operations. In an embodiment of the invention, the attribute values under the menu page attribute all have the query operation by default, i.e. in permission configuration they are all combined with the query operation, and the attribute values under a data attribute all have the add, delete, modify and query operations by default.
In an embodiment of the invention, the authorization configuration module is used to add roles, grant licenses to roles, and grant roles to users. For example, Fig. 7 shows a design drawing of the operation interface of the authorization configuration module of the RBAC-based rapidly configurable authority configuration system according to an embodiment of the invention. As shown in Fig. 7, in authorization configuration the configuration personnel fill in the role information to add a role, grant licenses to the role, and grant the role to users, and the system stores this authorization configuration data in the database. Authorization configuration supports granting a single item, multiple items, or all items. When a role is granted to a user, that user holds the licenses the role contains. Because every license includes the query operation, each user has query permission.
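The license and authorization model described above, as an added example that is not code from the patent: a license combines attribute values with operations, the default operations are applied per attribute kind as in the embodiment, and a user's effective operations are the union over the licenses of the roles granted to that user. The class and function names, the kind labels `menu_page` and `data`, and the sample codes are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Operations are customizable and extensible; this starting set is the one the text lists.
OPERATIONS = {"add", "delete", "modify", "query", "import", "export"}

# Defaults from the embodiment: menu page values get query,
# data attribute values get add, delete, modify and query.
DEFAULT_OPS = {
    "menu_page": frozenset({"query"}),
    "data": frozenset({"add", "delete", "modify", "query"}),
}


def register_operation(name):
    """Dynamic extension: make a new operation available to licenses."""
    OPERATIONS.add(name)


@dataclass(frozen=True)
class AttributeValue:
    """A controlled resource reduced to its ID and code."""
    id: int
    code: str
    kind: str  # "menu_page" or "data" (assumed labels)


@dataclass
class License:
    name: str
    grants: dict = field(default_factory=dict)  # AttributeValue -> set of operations

    def configure(self, value, extra_ops=()):
        """Combine an attribute value with its default operations plus the selected ones."""
        extra = set(extra_ops)
        if value.kind not in DEFAULT_OPS:
            raise ValueError(f"unknown attribute kind: {value.kind}")
        unknown = extra - OPERATIONS
        if unknown:
            raise ValueError(f"unregistered operations: {sorted(unknown)}")
        self.grants.setdefault(value, set()).update(DEFAULT_OPS[value.kind], extra)


class Authorizer:
    def __init__(self):
        self.role_licenses = {}  # role name -> list of License
        self.user_roles = {}     # user name -> set of role names

    def add_role(self, role):
        self.role_licenses.setdefault(role, [])

    def grant_license(self, role, license_):
        self.role_licenses[role].append(license_)

    def assign_role(self, user, role):
        if role not in self.role_licenses:
            raise KeyError(f"unknown role: {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def effective(self, user):
        """Operations per attribute code, as the union over all roles of the user."""
        result = {}
        for role in self.user_roles.get(user, ()):
            for lic in self.role_licenses[role]:
                for value, ops in lic.grants.items():
                    result.setdefault(value.code, set()).update(ops)
        return {code: sorted(ops) for code, ops in result.items()}

    def is_allowed(self, user, operation, code):
        return operation in self.effective(user).get(code, ())


def build_demo():
    # Constructed sample data; none of these names come from the patent.
    page = AttributeValue(2, "page.order_list", "menu_page")
    region = AttributeValue(10, "data.region_east", "data")
    register_operation("approve")          # operation added at run time
    clerk_license = License("order-clerk")
    clerk_license.configure(page, ["export"])     # query is added implicitly
    clerk_license.configure(region, ["approve"])  # add/delete/modify/query implicit
    authz = Authorizer()
    authz.add_role("clerk")
    authz.grant_license("clerk", clerk_license)
    authz.assign_role("alice", "clerk")
    return authz


if __name__ == "__main__":
    for code, ops in build_demo().effective("alice").items():
        print(code, ops)
```

Listing `effective()` per user makes the default operations visible in an access review, since they are never selected explicitly in the configuration interface.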
As described above, existing authority configuration systems generally carry out the whole configuration process step by step, and configuration is complete only when every step has finished. If the configuration process is terminated partway through by some unavoidable factor, reconfiguration must start again from the beginning. For this reason, in an embodiment of the invention, each time a configuration step is completed during the configuration process the system saves that step automatically, so that after the configuration process is interrupted, the interrupted process can be selected and continued. For example, as described above, in application configuration the system saves the application data of the current configuration interface to the database; in menu page configuration, the system saves the menu data or page data of the current configuration interface to the database; in data attribute configuration, the system saves the attribute value data of the data attributes of the current configuration interface to the database; in permission configuration, the system stores the generated license in the database; and in authorization configuration, the system stores the authorization configuration data in the database.
In addition, so that an interrupted configuration process can be selected and continued, in an embodiment of the invention the menu page configuration module, data attribute configuration module, permission configuration module and authorization configuration module can also perform an application selection operation, used to select an application. After an application is selected, these modules can carry out menu page configuration and/or data attribute configuration and/or permission configuration and/or authorization configuration on the configuration data of the selected application.
Specifically, the interfaces of the menu page configuration module, data attribute configuration module, permission configuration module and authorization configuration module each provide an application drop-down box, which lists all applications stored in the database. During menu page configuration, data attribute configuration, permission configuration and authorization configuration, the configuration personnel can select the application they want to configure in the application drop-down box on the interface. After an application is selected, the system retrieves all of that application's configuration data from the database, comprising the application configuration data from application configuration, the menu page configuration data from menu page configuration, the data attribute value data from data attribute configuration, the permission configuration data from permission configuration, and the authorization configuration data from authorization configuration.
Note that all the configuration data retrieved for the application is data that the configuration personnel configured earlier and that is stored in the database. If the configuration personnel have not configured something before, for example licenses and authorization have not been configured for the application, then all the configuration data of the application comprises only the application configuration data and the menu page configuration data.
At this point, all configuration data of the application has been retrieved. The configuration personnel can then use the menu page configuration module, data attribute configuration module, permission configuration module and authorization configuration module to complete menu page configuration and/or data attribute configuration and/or permission configuration and/or authorization configuration for the selected application whose configuration is not yet finished. The authority configuration system provided by an embodiment of the invention thus has a selectable configuration function, which avoids the problem that configuration can only be done in one pass from start to finish and that unfinished configuration has to be redone from scratch. If the authority configuration process of the system provided by an embodiment of the invention is terminated by some unavoidable factor, such as a network outage or a power failure, then when rapid configuration is opened again, the configuration step left unfinished last time can be selected and the configuration completed.
Correspondingly, an embodiment of the invention also provides an RBAC-based rapidly configurable authority configuration method, comprising:
an application configuration step, for adding a new application or selecting a stored application;
a menu page configuration step, for configuring the menus and pages of the newly added application or the selected application together, establishing a tree structure by adding same-level or child-level menu pages, and automatically synchronizing the configured menu pages into the attribute values under the menu page attribute;
a data attribute configuration step, for establishing data attributes under the newly added application or the selected application, and establishing a flat structure or a tree structure by adding same-level or child-level attribute values, so as to configure the data attribute values;
a permission configuration step, for combining operations with the attribute values under the menu page attribute and under the data attribute to form licenses; and
an authorization configuration step, for adding a role, granting the license to the role, and granting the role to a user.
In an embodiment of the invention, an attribute value comprises an ID and a code, and operations can be customized and support dynamic extension, including but not limited to add, delete, modify, query, import and export. In the menu page configuration step, automatically synchronizing the configured menu pages into the attribute values under the menu page attribute comprises extracting the ID and code of each menu page as an attribute value under the menu page attribute. In the data attribute configuration step, adding same-level or child-level attribute values comprises extracting the ID and code of business data as attribute values under the data attribute. Here, business data refers to data in the permission system and/or in third-party business systems that access the permission system.
During the configuration process, each time a configuration step is completed, that step is saved automatically, so that after the configuration process is interrupted, the interrupted configuration process can be selected and continued.
Specifically, in application configuration, clicking the next-step operation saves the application data of the current configuration interface to the database and jumps to the next configuration interface.
In menu page configuration, same-level or child-level menu pages can be added, for example by a drag operation, to establish the tree structure of menus and pages. The import operation can also be clicked to import, in batch, the menu page templates stored in the database when configuring menus and pages. The menu data or page data of the current configuration interface is saved to the database, and the ID and code of each menu page are extracted as attribute values under the menu page attribute.
In data attribute configuration, same-level or child-level data attribute values can be added one by one under a data attribute to establish a flat structure or a tree structure and configure the data attribute values. Attribute values can also be added in batch through the import operation, or added or deleted by remote calls from business application systems through an API, with a flat structure or a tree structure established by adding same-level or child-level attribute values. The data attribute value data of the current configuration interface is saved to the database.
In permission configuration, a license is added with the add operation. A license is selected, the configure operation is clicked, the attribute values to configure are selected, the corresponding operations are assigned to them, and, once configuration is finished, the save operation is clicked to generate the license. The license data of the current configuration interface is saved to the database. The query operation is a default, mandatory option: all attribute values are configured with the query operation by default. In an embodiment of the invention, the attribute values under the menu page attribute are configured with the query operation by default, and the attribute values under a data attribute are configured with the add, delete, modify and query operations by default.
In authorization configuration, a role is added with the add operation, licenses are granted to the role, the role is granted to users, and the authorization data of the current configuration interface is saved to the database.
In menu page configuration, data attribute configuration, permission configuration and authorization configuration, clicking the application selection operation selects an application; after an application is selected, menu page configuration and/or data attribute configuration and/or permission configuration and/or authorization configuration is carried out on the configuration data of the selected application.
Preferably, the application selection operation is an application drop-down box that lists all applications stored in the database.
Correspondingly, an embodiment of the invention also provides a storage medium storing executable code which, when executed by a processor, causes the processor to perform the RBAC-based rapidly configurable authority configuration method provided by an embodiment of the invention.
In summary, the invention optimizes and improves the configuration flow of existing authority configuration systems and authority configuration methods by extracting five parts, namely application configuration, menu page configuration, data attribute configuration, permission configuration and authorization configuration, as the rapid configuration content. The resulting authority configuration system is easy for users to use, improves efficiency, is widely applicable, and is more flexible to operate.
It should be understood that the disclosed embodiments of the invention are not limited to the particular processing steps or materials disclosed herein, but extend to equivalents of these features as understood by those of ordinary skill in the relevant art. It should also be understood that the terminology used herein is for describing particular embodiments only and is not intended to be limiting.
Reference in the specification to "an embodiment" means that a particular feature or characteristic described in connection with the embodiment is included in at least one embodiment of the invention. Therefore, the phrase "an embodiment" appearing in various places throughout the specification does not necessarily always refer to the same embodiment.
Those skilled in the art will understand that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To illustrate the interchangeability of hardware and software clearly, the composition and steps of each example have been described above generally in terms of function. Whether these functions are implemented in hardware or in software depends on the specific application and the design constraints of the technical solution. Those skilled in the art may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein can be implemented directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module can reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
Although the embodiments of the invention are disclosed as above, the content described is only an embodiment adopted to facilitate understanding of the invention and is not intended to limit it. Anyone skilled in the art to which the invention pertains may make any modification or change in the form and details of implementation without departing from the spirit and scope disclosed by the invention, but the scope of protection of the invention shall still be as defined by the appended claims.
Claims (10)
1. An RBAC-based rapidly configurable authority configuration system, comprising:
an application configuration module, for adding a new application or selecting a stored application;
a menu page configuration module, for configuring the menus and pages of the newly added application or the selected application together, establishing a tree structure by adding same-level or child-level menu pages, and automatically synchronizing the configured menu pages into the attribute values under the menu page attribute;
a data attribute configuration module, for establishing data attributes under the newly added application or the selected application, and establishing a flat structure or a tree structure by adding same-level or child-level attribute values, so as to configure the data attribute values;
a permission configuration module, for combining operations with the attribute values under the menu page attribute and under the data attribute to form licenses; and
an authorization configuration module, for adding a role, granting the license to the role, and granting the role to a user.
2. The authority configuration system according to claim 1, wherein
the attribute value comprises an ID and a code,
the menu page configuration module extracts the ID and code of the menu page as the attribute value under the menu page attribute, and
the data attribute configuration module extracts the ID and code of business data as the attribute value under the data attribute.
3. The authority configuration system according to claim 1, wherein
the operations are predefined and support dynamic extension,
the attribute values under the menu page attribute are configured with the query operation by default, and
the attribute values under the data attribute are configured with the add, delete, modify and query operations by default.
4. The authority configuration system according to claim 1, wherein each operation can be combined with one or more attribute values, and each attribute value can be combined with one or more operations.
5. The authority configuration system according to claim 1, wherein a role can be composed of one or more users, each authorized user can hold one or more roles, each role can hold one or more licenses, and each license can be granted to one or more different roles.
6. The authority configuration system according to claim 1, wherein
the system stores menu page templates and data attribute templates,
the menu page configuration module is also used to import the menu page templates in batch when configuring menu pages, and
the data attribute configuration module is also used to import the data attribute templates in batch when configuring data attributes.
7. An RBAC-based rapidly configurable authority configuration method, comprising:
an application configuration step, for adding a new application or selecting a stored application;
a menu page configuration step, for configuring the menus and pages of the newly added application or the selected application together, establishing a tree structure by adding same-level or child-level menu pages, and automatically synchronizing the configured menu pages into the attribute values under the menu page attribute;
a data attribute configuration step, for establishing data attributes under the newly added application or the selected application, and establishing a flat structure or a tree structure by adding same-level or child-level attribute values, so as to configure the data attribute values;
a permission configuration step, for combining operations with the attribute values under the menu page attribute and under the data attribute to form licenses; and
an authorization configuration step, for adding a role, granting the license to the role, and granting the role to a user.
8. The authority configuration method according to claim 7, wherein
the attribute value comprises an ID and a code,
the operations are predefined and support dynamic extension,
the attribute values under the menu page attribute are configured with the query operation by default, and
the attribute values under the data attribute are configured with the add, delete, modify and query operations by default.
9. The authority configuration method according to claim 7, wherein, during the configuration process, each time a configuration step is completed, that step is saved automatically, so that after the configuration process is interrupted, the interrupted configuration process can be selected and continued.
10. A storage medium storing executable code which, when executed by a processor, causes the processor to perform the authority configuration method according to any one of claims 7 to 9.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910451862.9A CN110348183B (en) | 2019-05-28 | 2019-05-28 | RBAC-based rapidly configurable permission configuration system, method and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910451862.9A CN110348183B (en) | 2019-05-28 | 2019-05-28 | RBAC-based rapidly configurable permission configuration system, method and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110348183A true CN110348183A (en) | 2019-10-18 |
CN110348183B CN110348183B (en) | 2021-07-20 |
Family
ID=68174083
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910451862.9A Active CN110348183B (en) | 2019-05-28 | 2019-05-28 | RBAC-based rapidly configurable permission configuration system, method and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110348183B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101478536A (en) * | 2008-12-08 | 2009-07-08 | 山东浪潮齐鲁软件产业股份有限公司 | Method for solving access control in authority management |
CN101997876A (en) * | 2010-11-05 | 2011-03-30 | 重庆大学 | Attribute-based access control model and cross domain access method thereof |
CN103049684A (en) * | 2012-12-21 | 2013-04-17 | 大唐软件技术股份有限公司 | Data authority control method and data authority control system based on RBAC (role-based access control) model extension |
CN104243453A (en) * | 2014-08-26 | 2014-12-24 | 中国科学院信息工程研究所 | Access control method and system based on attribute and role |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111427491A (en) * | 2020-03-02 | 2020-07-17 | 青岛聚好联科技有限公司 | Method and device for configuring system background menu button |
CN111400561A (en) * | 2020-03-17 | 2020-07-10 | 杭州迪普科技股份有限公司 | Electronic device and configuration method thereof |
CN111400561B (en) * | 2020-03-17 | 2023-09-12 | 杭州迪普科技股份有限公司 | Electronic device and configuration method thereof |
CN111950866A (en) * | 2020-07-24 | 2020-11-17 | 合肥森亿智能科技有限公司 | Role-based multi-tenant organizational structure management system, method, device and medium |
CN111950866B (en) * | 2020-07-24 | 2023-11-07 | 合肥森亿智能科技有限公司 | Role-based multi-tenant organization structure management system, method, equipment and medium |
CN112487378A (en) * | 2020-12-11 | 2021-03-12 | 宝付网络科技(上海)有限公司 | Tenant authority management system suitable for big data platform |
Also Published As
Publication number | Publication date |
---|---|
CN110348183B (en) | 2021-07-20 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||