Unlock instant, AI-driven research and patent intelligence for your innovation.

File access authority control method and device thereof

A permission control and file access technology, applied in the field of communication, can solve problems such as time waste and low efficiency

Active Publication Date: 2014-11-12
HUAWEI TECH CO LTD
View PDF5 Cites 20 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] Embodiments of the present invention provide a method and device for controlling file access rights, which solve the problems of time waste and low efficiency caused by traversing all access control items ACE when the server of the file system performs access control list ACL authentication on files. It can improve the efficiency of ACL authentication and reduce the overall overhead of the system

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • File access authority control method and device thereof
  • File access authority control method and device thereof
  • File access authority control method and device thereof

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0058] An embodiment of the present invention provides a file access authority control method, such as figure 2 As shown, the method includes:

[0059] S101. The server reads the ACE in the initial ACL.

[0060] Whenever a user initiates an operation request on a file, the server of the file system needs to perform ACL authentication on the file. The server reads the ACL from the extended attributes of the server metadata. Then traverse all ACEs in the ACL to find out the ACE associated with the current access user.

[0061] Wherein, the ACL stores the access rights of folders and files in the file system, and includes many access control items ACE, and each access control item records a user or group and its corresponding access rights. The ACE at least includes a user identifier (for example, a user identifier or a group identifier), and member variables corresponding to the user identifier (for example, type of access, Permission, and flag).

[0062] Specifically, the ...

Embodiment 2

[0090] An embodiment of the present invention provides a file access authority control method, such as Figure 4 As shown, the method includes:

[0091] S201. The server reads the ACE in the initial ACL.

[0092] When the server of the file system performs ACL authentication on the file, the server reads the ACL from the extended attribute, and then traverses all ACEs to find out the ACE associated with the current access user.

[0093] Specifically, when the server of the file system performs ACL authentication on the file, it first reads the access control item ACE in the initial access control list ACL.

[0094] Wherein, the ACE includes at least user IDs and member variables corresponding to each user ID. The user identifier includes a user identifier or a group identifier. The member variables corresponding to each user ID at least include Type, Permission and Flag indicating whether the user can access the file.

[0095] Specifically, the member variable identifier F...

Embodiment 3

[0131] The embodiment of the present invention provides a server 1, such as Figure 5 shown, including:

[0132] The obtaining unit 10 is configured to read the access control item ACE in the initial access control list ACL, where the ACE includes at least a user identifier and a member variable corresponding to the user identifier;

[0133] A judging unit 11, configured to judge whether the ACE acquired by the acquiring unit 10 contains only an IO-inherited flag;

[0134] The pre-storage unit 12 is used to save the ACE determined by the judging unit 11 that does not include the IO flag bit into the cache ACL;

[0135] The processing unit 13 is configured to combine the ACEs in the cached ACL stored in the pre-storage unit 12 that contain the same user ID and do not contain the IO flag bit to obtain an improved ACL, and the improved ACL is used to perform ACL authentication on the file.

[0136] Further, the user identifier includes a user identifier or a group identifier; ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

An embodiment of the invention provides a file access authority control method and a device thereof, which relates to communication field. Efficiency for accessing a control list ACL authentication can be improved, and integral expenditure of the system is reduced. The file access authority control method comprises the steps of: reading an access control entry ACE in an initial access control list ACL, wherein the ACE at least comprises user identification and a member variable which corresponds with the user identification; determining whether the ACE only contains an inherit-only IO identification mark; storing the ACE which does not contain the IO identification mark into a buffer ACL; and combining the ACEs with buffer ACLs which contain same user identification and do not contain the IO identification mark, thereby obtaining an improved ACL, wherein the improved ACL is used for performing ACL authentication.

Description

technical field [0001] The invention relates to the communication field, in particular to a file access authority control method and device. Background technique [0002] In the server of the file system, the access control list (ACL, Access Control List) is used to control the access rights of users or group members to folders or files, that is, the server of the file system controls the access of users or group members to files according to the ACL. folder or file access permissions. In the file system, each directory or file corresponds to an ACL, and the user's operation authority will be restricted according to the ACL in multiple operations such as file creation, deletion, reading and writing data, and setting attributes, which also improves file access. System security. [0003] In the prior art, when performing access authority authentication on a file, that is, when performing ACL authentication on a file, the server of the file system reads the required ACL from ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L29/08G06F21/62
CPCG06F21/6218
Inventor 崔炳华毛小丽罗成友何益
Owner HUAWEI TECH CO LTD
Features
  • R&D
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com