Method and a system for controlling user data reading and writing security rights based on roles and resources

Abstract

The technical proposal of the invention comprises a method and a system for controlling user data reading and writing security rights based on roles and resources, which are used for realizing the following functions: controlling application program rights, including executing corresponding security rights control on database table level, field level and record level data at the front and back ends of the application program; controlling user data reading and writing security rights based on roles and resources. Work order data permission control, including work order administrator role, workorder adding permission, work order content viewing permission, work order content modifying permission and content operation permission to implement corresponding permission security control; Reporting permission control, including the addition of permission assertions to the report file, is used to determine access and / or modified objects, and to perform access control based on the determinationresults. The invention has the advantages that the user-defined matching can flexibly define various complicated fields or report screening conditions; Flexible and changeable table level, field level and record level omni-directional matrix permission control can be realized.

Description

technical field [0001] The invention relates to a method and system for controlling user data read-write security rights based on roles and resources, and belongs to the field of computers. Background technique [0002] Role-Based Access Control (RBAC: Role-Based Access Control) as a promising replacement of traditional access control (voluntary access, mandatory access) has received widespread attention. In RBAC, permissions are associated with roles, and users gain the permissions of those roles by becoming members of the appropriate roles. This greatly simplifies the management of permissions. In an organization, roles are created to accomplish various tasks, and users are assigned corresponding roles according to their responsibilities and qualifications. Users can be easily assigned from one role to another. Roles can be given new permissions according to new requirements and system integration, and permissions can also be withdrawn from a role as needed. Character-t...

AI Technical Summary

Problems solved by technology

[0018] 1) The authority control is not comprehensive, and does not cover the authority control of various channels and entrances such as reports, work order processes, HQL, and API interfaces;

[0019] 2) There is no refinement to the permission control of different combinations of database table CRUD (addition, deletion, modification and query);

[0020] 3) Permissions are directly authorized to users instead of roles. This authorization method is not flexible. When it comes to daily changes such as user resignation and job transfer, the system authorization adjustment is cumbersome and complicated, and the workload is heavy;

[0021] 4) It is difficult to meet complex data record filtering by only using simple field filtering conditions and their combinations of "and" or "or". Multiple other field values ​​in the level association table for multi-level association query filtering

Images