35results about How to "Simplify permissions management" patented technology

The invention discloses a system and a method for role-based access control. The system comprises a request initiator, an access control executing mechanism, an access control decision mechanism and a target resource, wherein the request initiator sends an access request to the access control executing mechanism, the access control executing mechanism transmits the request to the access control decision mechanism, the access request is transferred to the target resource according to the decision result of the access control decision mechanism, the access control decision mechanism obtains the role information of the request initiator according to a user information table and a role information table after receiving the decision requirement, the role of the request initiator is verified to have the right to execute the access request or not through checking the user role table and a role right table, the access request is judged, and the decision result is fed back to the access control executing mechanism. With the adoption of the system and the method, the right management and distribution work are simplified, so that a role-based access control mechanism in a software system is close to the practical conditions of an organization.

The invention discloses a private data processing method, device and equipment of a block chain and a storage medium, relates to the technical field of block chains, and can be used for cloud computing and cloud service. According to the specific implementation scheme, acquiring a data authorization request sent by a data owner, wherein the data authorization request comprises to-be-authorized data and a block chain account address of a data user, and the to-be-authorized data at least comprises encrypted data; in the trusted computing environment, according to the block chain account addressof the data user, performing authorization processing on the encrypted data in the to-be-authorized data to obtain authorized data or a data use certificate of the to-be-authorized data; and sending an uplink transaction request comprising a data use certificate of the authorized data or the to-be-authorized data to a block chain network for uplink storage. Therefore, the complexity of privacy data authority management is reduced.

The invention relates to the technical field of micro-service calling, and discloses an authority management method and device based on micro-service calling and a storage medium. The method comprisesthe following steps: obtaining a calling request sent by a client for calling a micro-service; acquiring a request uniform resource locator (URL) according to the calling request; obtaining an IP address of the client, and determining a micro-service identity corresponding to the client according to the IP address; based on the micro-service identity, the request URL and the service authority configuration table corresponding to the client, determining whether the client has the access authority of accessing the micro-service or not, wherein at least one group corresponding to the micro-service identity and an interface address corresponding to each group in the at least one group are configured in the service authority configuration table. According to the method and device, authority management of micro-service calling can be simply, conveniently and quickly completed under the condition of no user information.

The invention discloses a system dispatching method. The method includes: determining dispatched tasks, wherein the tasks which need to be dispatched are determined, determining dispatched objects, wherein the dispatched objects are determined, the objects are roles, the roles are independent individuals rather than groups/classes, one role can only be associated with a unique user in the same time period, and one user is associated with one or more roles; and carrying out dispatching, wherein the tasks which need to be dispatched are distributed to the dispatched roles. According to the method, the tasks are distributed to the roles, the user obtains the tasks through associations with the role, the association of an employee and the role is canceled when a turnover of the employee occurs, a newly recruited employee is directly enabled to be associated with the role without the need for re-dispatching for the newly recruited employee, and operations are convenient and quick; the association of an employee and the original role is canceled when position transferring of the employee occurs, the tasks dispatched for the new role can be automatically obtained by associating with the new role; and for a dispatcher, no operation needs to be carried out when the turnover or position transferring occurs.

The invention discloses a task management system and method for automatically submitting files into a version library. The system comprises a user management module, an item management module, a task management module and an achievement management module. The method comprises the following steps that 1, items are created in the system, tasks of the items are guided in, and the system reads the task information and stores the task information into a system database; 2, when a user has access to the system, the system screens out tasks related to the user according to the task information; 3, the user uploads an achievement file and sets the task finishing state, and the system calculates a version library route corresponding to the achievement file; 4, the system reads a permission configuration file of the version library and sets the read-write permission of the current user in the version library route, and the system reads a user configuration file of the version library and obtains the version library user name and the password of the current user; 5, the system uploads the achievement file to the version library through the corresponding version library route.

The invention discloses an examination and approval task transfer method based on an improved RBAC authority control mechanism. The method includes the steps that a role is created in a system, the role is an independent individual nature role, one independent individual nature role can only be associated with a unique user in the same time period, and one user is associated with one or more independent individual nature roles; a transferring person obtains an examination and approval task in the examination and approval process; the transferring person transfers the examination and approval task to a transferred person, and the transferred person is one independent individual nature role. According to the examination and approval task transfer method based on the improved RBAC authority control mechanism, the transferred person adopts the independent individual nature role, when an employee corresponding to the user associated with the role of the transferred person leaves or is transferred, the original association is simply released, and the user corresponding to the new employee is associated with a role to automatically obtain all the currently transferred examination and approval tasks of the role, and the handover of the examination and approval task is achieved through the association of the role in the meantime. The workload is small, and seamless docking can be achieved, lag or omission of transferring the examination and approval tasks cannot appear, and it is ensured that urgent tasks are dealt with in a timely manner.

The invention discloses a form operation permission authorization method based on a role. The method comprises the following steps that: selecting an authorized role: selecting one or a plurality of roles as authorized roles, wherein each role is an independent individual but is not groups/categories, one role in the same time period only can be associated with a unique user, and one user is associated with one or a plurality or roles; selecting a form: when the number of the selected authorized role is one and the number of the selected form is one, displaying the existing permission state of the authorized role for the selected form; when the number of the selected forms is at least two, displaying blank form operation permission; carrying out form operation permission authorization on the authorized form; and after above steps are finished, storing the permission of the authorized role. By use of the method, the authorization efficiency of the form operation permission is improved, the method is simple in operation, the safety performance of a system is improved, and a risk that losses are caused for enterprises due to the leakage of information can be reduced.

The invention discloses a method for supervising approval operation, authorization operation and form operation. The method comprises the following steps: creating roles in a system, wherein the roles are independent individuals, and in the same period, one role can only associate with only one user, and one user can associate with one or more roles; when the role executes approval/ authorization/ form operation, recording the role executing the operation; setting one or more roles as a monitoring role/ monitored role, and setting a monitored role/ monitoring role for each monitoring role/ monitored role; and through the monitoring role, monitoring the approval/ authorization/ form operation recordings executed by the monitored role. The monitoring and monitored subjects are independent individual roles respectively; work content of users/staffs is distinguished according to post number/ station number, and each post number/ station number is corresponding to one independent individual role; setting of supervision authority is realized for each role; monitoring and monitored authorities are subjected to refined authorization; and the method meets actual operation and use requirements of enterprises.

The invention discloses a shortcut function setting method. The method includes the steps of setting shortcut menus and newly-added shortcut forms, wherein the step of setting the shortcut menus includes the substeps of setting a shortcut menu inlet, setting the shortcut menus, displaying the shortcut menus through the shortcut menu inlet and displaying the shortcut menu selected in the second step through the shortcut menu inlet; selecting any shortcut menu in the first step according to needs, and displaying a function interface corresponding to the shortcut menu. The checking and operating of the frequently-used menus and the newly adding of the forms can be conveniently and rapidly completed, and the office efficiency is improved; a role can only be related to a unique user at the same time duration, the user only needs to be related to a new role when the user gets a new job or is transferred to a new position, then the frequently-used shortcut menu corresponding to the role can be obtained through the shortcut menu inlet, the form with newly-added authority corresponding to the role can also be obtained through a newly-added shortcut form inlet, and the authority management efficiency in the use of a system is greatly improved.

The invention provides a resource allocation method and device, computer equipment and a storage medium, and the method comprises the steps of obtaining a plurality of preset roles; determining a hierarchical relationship among a plurality of preset roles according to the role feature information of the preset roles; and based on the hierarchical relationship, allocating resource permissions to each preset role, the resource permissions of any two preset roles having the membership hierarchical relationship being included in the resource permissions of the preset roles having the high hierarchy, and the resource permissions of the preset roles having the low hierarchy. According to the embodiment of the invention, the authority management of the user is simplified and the system overhead is reduced by presetting a plurality of roles; when the user role is changed, other roles having a membership hierarchical relationship with the role do not need to be modified, so that the replicability of the operation is reduced; besides, when the resources corresponding to the roles are changed, only the resources of the preset roles with low hierarchies need to be adjusted, and the resources of the preset roles with high hierarchies do not need to be modified, so that the operation replicability is reduced, the resource management and control efficiency is improved, and the refined management and control of the resource permission is met.

The invention provides a dynamic access control method based on a business body, which relates to the technical field of system access control, and comprises the following steps: abstracting a business system to obtain an initial business body BEInit; a user sends an access request to a service system, a user attribute acquisition method in an initial service body BEInit acquires user attributes, a complete service body is obtained, and a trust evaluation method in the service body evaluates a user trust level according to the user attributes; a trust judgment mechanism in the service body judges a user trust level and a service system security level attribute value of the service body; and if the user trust level is higher than the service system security level attribute value of the service body, allowing the user to continue to access. According to the method, access control is carried out based on the business body by introducing a business body concept, and flexible, rapid and safe access control authorization is realized in an open and complex super application system environment.

The invention provides a permission management method and device, equipment and a storage medium, and the method adds permission annotation to an interface in a non-intrusive manner, does not need tomodify original code logic, is simple in processing process, and solves a problem that a conventional permission management model needs to define more permission contents to achieve the relation between permission and the interface and the processing is complicated. According to the embodiment of the invention, the permission annotation is added to the code corresponding to each interface, the permission to which the interface belongs is visually reflected from the code, and the permission corresponding to the interface does not need to be inquired from the database, so that the problem that the permission of the interface stored in the database may be wrong is solved to a certain extent; therefore, the accuracy of the interfaces and the corresponding authorities is improved, authority management is carried out on the user using the target system according to the permission annotation added to the code corresponding to each interface, and the permission management method is simple, accurate and suitable for application.