Method and device for controlling permission

Abstract

The invention provides a method and device for controlling the permission. The method for controlling the permission comprises the following steps of: acquiring a role of a user from a set first corresponding relation between the user and the role; acquiring an application permission corresponding to the role of the user from a set second corresponding relation between the role and the user; receiving an operation request of the user entering the application, querying whether the acquired application permission comprises corresponding operations of the operation request or not; if so, allowing to execute the operation; and otherwise, refusing to execute the operation. According to the method and device disclosed by the invention, the permission control becomes simpler and more flexible and the application range of the permission control is wider.

Description

technical field

[0001] The invention relates to the field of authority control, in particular to an authority control method and device. Background technique

[0002] With the development of the IT industry, enterprise applications and e-commerce have higher requirements for authority control: not only require authority control to have relatively high security, but also require authority control to be easy to expand, easy to manage, and more flexible , so as to meet all kinds of complex business. Traditional access control methods such as Discretionary Access Control (DAC) and Mandatory Access Control (MAC) cannot meet the demands of increasingly complex and flexible e-commerce applications and enterprise environment applications. In view of the above reasons, the US National Institute of Standards and Technology (NIST) proposed a role-based access control (Role-Based Access Control, RBAC) model in the early 1990s.

[0003] refer to figure 1 , the basic principle of permi...

Images