Dynamic permission control method and system based on large language model and data semantics

By generating structured semantic tags through a large language model and building a dynamic permission rule base, the problem of insufficient accuracy in traditional permission control is solved, thereby improving the security and flexibility of the knowledge management system and adapting to dynamic business scenarios and changes in user roles.

CN122196986APending Publication Date: 2026-06-12CCCC SECOND HIGHWAY CONSULTANTS CO LTD +1

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
CCCC SECOND HIGHWAY CONSULTANTS CO LTD
Filing Date
2026-01-21
Publication Date
2026-06-12

Smart Images

  • Figure CN122196986A_ABST
    Figure CN122196986A_ABST
Patent Text Reader

Abstract

The application discloses a kind of dynamic permission control method and system based on large language model and data semantics, method includes: the knowledge management platform arbitrary format knowledge data is input into large language model extraction core semantic and generates structured label set.Based on platform user system and business demand, basic permission rule is constructed, and the semantic analysis of historical permission interaction, business cooperation process data is combined with model, and rule base is optimized, and user attribute-semantic label-permission type mapping is formed;When user initiates request, identity and scene information are collected, and target data label is input into model in combination, and model is called rule base decision permission range by semantic matching;According to result, control is executed in multiple terminals, model captures the dynamic change of permission association elements, updates configuration when meeting the condition, completes permission dynamic assignment and recycling, generates log to support semantic retrieval and traceability.Improves the security and collaboration efficiency of knowledge management.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention belongs to the field of large language model technology, and more specifically, relates to a dynamic permission control method and system based on large language models and data semantics. Background Technology

[0002] In the field of access control for knowledge management systems, as knowledge data becomes increasingly diverse, encompassing various types of unstructured and structured data, and the demand for cross-organizational and cross-scenario collaboration continues to grow, traditional access control methods are no longer adequate for complex application scenarios. Existing technologies mostly configure permissions based on fixed roles or static attributes, relying on manually preset rules, and cannot deeply connect with the core semantic content of knowledge data, resulting in insufficient accuracy in permission division.

[0003] When knowledge data content is updated, industry regulations are adjusted, or project stages change, static permission rules cannot be automatically iterated and require manual intervention for modification. This is not only inefficient but also prone to permission lag or configuration errors, leading to risks of unauthorized access or obstruction of legitimate operations. Furthermore, existing technologies lack the ability to perceive dynamic changes in permission-related elements in real time, making it difficult to flexibly adjust permissions based on changes in user roles and the evolution of collaboration scenarios, thus failing to meet the permission control needs of dynamic collaboration.

[0004] Furthermore, traditional access control relies heavily on surface-level identifiers for matching, making it difficult to achieve deep adaptation between user identity, business scenarios, and knowledge data semantics. Access verification during cross-organizational collaboration lacks precise criteria, and access operation tracing depends on simple log records, resulting in low retrieval and verification efficiency. These issues severely impact the security, flexibility, and collaboration efficiency of knowledge management systems, hindering the efficient flow and compliant use of knowledge data. Therefore, a technical solution capable of achieving dynamic and precise access control based on data semantics is urgently needed. Summary of the Invention

[0005] This invention aims to solve the problems of low accuracy and static rigidity in traditional access control. Relying on the multimodal parsing and semantic understanding capabilities of large language models, it constructs a dynamic mapping rule base of "user attributes-semantic tags-permission types" to realize real-time permission decision-making, dynamic granting and revoke, and semantic traceability, thereby improving the security and collaboration efficiency of knowledge management.

[0006] To address the aforementioned deficiencies or improvement needs of existing technologies, as a first aspect of this invention, the present invention provides a dynamic access control method based on a large language model and data semantics, comprising: S1. Input knowledge data of any format received by the knowledge management platform into a large language model deployed in the target environment. Through the model's multimodal data parsing and semantic understanding capabilities, extract the core semantic content of the knowledge data and automatically generate a structured semantic tag set. S2. Based on the user system and business scenario requirements of the knowledge management platform, construct basic permission rules; combine the semantic analysis results of historical permission interaction data and business collaboration process data from the large language model to dynamically optimize the permission rule base and form a mapping relationship of "user attributes - knowledge data semantic tags - permission types"; S3. When a user initiates a knowledge data operation request, the user's identity information and operation scenario information are collected simultaneously and input into the large language model along with the semantic tag set of the target knowledge data. The model uses a semantic matching method to call the dynamic permission rule base and make real-time decisions on the user's corresponding permission scope and operation restrictions. S4. Based on the permission decision results, execute permission control in the multi-terminal application scenarios of the knowledge management platform, allowing users to operate on knowledge data within the authorized scope; at the same time, capture the dynamic changes of permission-related elements in real time through a large language model, and automatically update the permission configuration when the preset adjustment conditions are met, completing the dynamic granting and revocation of permissions; and generate permission operation logs to support semantic-based retrieval and full-process traceability.

[0007] Furthermore, the semantic tag set in S1 includes fixed tags and dynamic tags, and is associated with document metadata; wherein, the document metadata refers to the structured descriptive information formed during the generation, storage, circulation and management of knowledge data, which is used to uniquely identify knowledge data, associate semantic tags and support permission matching, and its types include but are not limited to basic identifiers, ownership associations, management attributes and business characteristic related information.

[0008] Furthermore, the rule base in S2 supports automatic iteration based on updates to industry regulations and changes in project stages. The specific process for automatic iteration is set as follows: set up for A dynamic permission rule base for real-time access control. for The permission rule base at any time. This dataset represents a set of semantic changes generated by parsing industry regulation update text for large language models. This involves analyzing project lifecycle data using a large language model to obtain a semantic set of business scenarios corresponding to changes in project stages. This is a set of semantic mapping updates for "user attributes - knowledge data semantic tags - permission types" generated by the large language model based on historical permission interaction data and business collaboration process data. To achieve a semantic rule fusion operator that logically adapts the rule base to various semantic sets and integrates them without redundancy, To remove invalid rules that have semantically conflicting historical rules, To characterize semantically conflicting relation symbols that logically contradict the rules and semantic sets, the automatic iteration formula for the rule base is as follows: , in, Represents a single permission rule element; Its iterative process is as follows: the large language model generates... , and Through semantic rule fusion operator right Integrate with the three types of sets, and then remove operators using failure rules. Eliminate Zhongyu or Historical rules with semantic conflicts eventually lead to Dynamic permission rule base at any time It enables automatic iteration of the rule base as industry regulations are updated and project stages change.

[0009] Furthermore, the permission types in S2 include at least one of access, edit, download, share, and derivative operation permissions.

[0010] Furthermore, S3 also includes: for collaborative operation requests across organizations and scenarios, automatically triggering a multi-level semantic verification mechanism to generate a temporary permission configuration scheme.

[0011] Furthermore, the multi-level semantic verification mechanism specifically includes: set up For multi-level semantic verification results, For a semantic subset of user identity, For a semantic subset of collaborative scenarios, For the semantic subset of knowledge data, This is a set of hierarchical permission verification rules in a dynamic permission rule base. For hierarchical semantic matching operators, For multi-level verification result aggregation operator, For semantically compliant derivation symbols, the multi-level semantic verification formula is: , The specific process involves the large language model breaking down user identity information, collaborative scenario information, and the semantic tag set of target knowledge data into... , Call the hierarchical permission verification rule set in the dynamic permission rule base. Through hierarchical semantic matching operators Complete in sequence and , and , and Semantic logic adaptation verification, utilizing semantic compliance inference symbols. Determine whether the semantics at each level conform to the corresponding validation rules, and then aggregate the results of the multi-level validation using an aggregation operator. Perform a logical AND operation on the compliance results at each level to output the final multi-level semantic verification result. Complete the hierarchical verification of cross-organizational and cross-scenario collaboration requests.

[0012] Furthermore, the dynamic changes of the associated elements in S4 include: changes in the content of knowledge data, changes in user attributes, and the lifecycle status of the operation scenario.

[0013] Furthermore, the specific process of dynamically granting and revoking permissions in S4 is as follows: set up for Dynamic permission set at all times The output is the permission decision result. This is a dynamically changing set of permission-related elements captured by a large language model. This is the iteratively updated dynamic permission rule library. Assign operators to permissions. For the privilege revoke operator, The symbol for semantic consistency determination indicates that the permission does not match the associated elements and rule base of the current permission. The formula for dynamic permission granting and revoke is: , in, Represents a single permission element; The specific process is as follows: based on the decision results of the access control system... Assigning operators by permissions Call the iterated dynamic permission rule library Generate initial executable permissions; the large language model captures the dynamic changes of permission-related elements in real time. Determine symbols through semantic consistency Verify historical dynamic permission set Permissions and permissions in the middle , The matching status is used to remove invalid permissions that do not meet semantic consistency using the permission eviction operator, ultimately resulting in... Dynamic permission set at any time This enables the dynamic granting and revoke of permissions.

[0014] As a second aspect of the present invention, a dynamic access control system based on a large language model and data semantics is also provided, comprising: The semantic parsing and tag extraction unit is used to input knowledge data of any format received by the knowledge management platform into a large language model deployed in the target environment. Through the model's multimodal data parsing and semantic understanding capabilities, it extracts the core semantic content of the knowledge data and automatically generates a structured semantic tag set. The dynamic permission rule base building unit is used to construct basic permission rules based on the user system and business scenario requirements of the knowledge management platform; combined with the semantic analysis results of historical permission interaction data and business collaboration process data by the large language model, the permission rule base is dynamically optimized to form a mapping relationship of "user attributes - knowledge data semantic tags - permission types"; The real-time permission matching and decision-making unit is used to synchronously collect user identity information and operation scenario information when a user initiates a knowledge data operation request, and input them and the semantic tag set of the target knowledge data into the large language model; the model calls the dynamic permission rule library through the semantic matching method to make real-time decisions on the user's corresponding permission scope and operation restrictions. The permission execution and dynamic adjustment unit is used to execute permission control in multi-terminal application scenarios of the knowledge management platform based on the permission decision results, allowing users to operate on knowledge data within the authorized scope; at the same time, it captures the dynamic changes of permission-related elements in real time through a large language model, and automatically updates the permission configuration when the preset adjustment conditions are met, completing the dynamic granting and revocation of permissions; and generates permission operation logs, supporting semantic-based retrieval and full-process traceability.

[0015] As a third aspect of the present invention, a computer-readable storage medium is also provided, on which a computer program is stored, the computer program being executed by a processor of any one of the following: a dynamic access control method based on a large language model and data semantics.

[0016] In summary, compared with the prior art, the above-described technical solutions conceived by this invention can achieve the following beneficial effects: 1. The dynamic access control method based on a large language model and data semantics of this invention inputs knowledge data of any format received by the knowledge management platform into a large language model deployed in the target environment. Leveraging the model's multimodal parsing and semantic understanding capabilities, it extracts core content semantics and generates a structured semantic tag set. This technical feature enables deep semantic mining of diverse knowledge data, breaking down semantic barriers between different data formats. It allows access control to accurately associate with core data information, avoiding the accuracy limitations of traditional access control based on surface features. This provides a reliable semantic foundation for the subsequent construction and matching of access rules, ensuring that access control is highly aligned with the actual content and business value of the knowledge data.

[0017] 2. The dynamic permission control method based on a large language model and data semantics of this invention constructs basic permission rules based on the user system and business scenario requirements of a knowledge management platform. It then dynamically optimizes the permission rule base by combining the semantic analysis results of historical permission interaction data and business collaboration process data from the large language model, forming a mapping relationship of "user attributes - knowledge data semantic tags - permission types." This technical feature frees permission rules from the limitations of being fixed and static, enabling real-time iteration with changes in the semantics of business data. This allows permission configurations to not only match the user's actual identity and business role but also adapt to dynamically changing business scenarios, effectively improving the flexibility and adaptability of permission rules and meeting the needs of cross-scenario and cross-organizational permission management.

[0018] 3. The dynamic permission control method based on a large language model and data semantics of this invention determines the scope of permissions by invoking a dynamic permission rule base through semantic matching of the large language model when a user initiates an operation request. Simultaneously, it captures dynamic changes in permission-related elements in real time, automatically updates permission configurations to dynamically assign and revoke permissions, and generates operation logs that support semantic retrieval. This technical feature achieves real-time and dynamic adjustment capabilities for permission decisions, ensuring that permissions are always accurately matched with user identity, data status, and business scenarios. This avoids security risks caused by unauthorized access and reduces efficiency losses caused by unauthorized operations. Furthermore, the semantic log traceability function provides convenient support for compliance verification of permission management, balancing data security and business efficiency. Attached Figure Description

[0019] Figure 1 This is a flowchart of a dynamic permission control method based on a large language model and data semantics according to an embodiment of the present invention. Figure 2 This is a diagram illustrating the architecture of a knowledge management platform according to an embodiment of the present invention. Figure 3 This is a system unit diagram of an embodiment of the present invention. Detailed Implementation

[0020] To make the objectives, technical solutions, and advantages of this invention clearer, the invention will be further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative and not intended to limit the invention. Furthermore, the technical features involved in the various embodiments of this invention described below can be combined with each other as long as they do not conflict with each other.

[0021] Example 1 Please refer to Figure 1 This embodiment 1 provides a dynamic access control method based on a large language model and data semantics, including: S1. Input knowledge data of any format received by the knowledge management platform into a large language model deployed in the target environment. Through the model's multimodal data parsing and semantic understanding capabilities, extract the core semantic content of the knowledge data and automatically generate a structured semantic tag set. S2. Based on the user system and business scenario requirements of the knowledge management platform, construct basic permission rules; combine the semantic analysis results of historical permission interaction data and business collaboration process data from the large language model to dynamically optimize the permission rule base and form a mapping relationship of "user attributes - knowledge data semantic tags - permission types"; S3. When a user initiates a knowledge data operation request, the user's identity information and operation scenario information are collected simultaneously and input into the large language model along with the semantic tag set of the target knowledge data. The model uses a semantic matching method to call the dynamic permission rule base and make real-time decisions on the user's corresponding permission scope and operation restrictions. S4. Based on the permission decision results, execute permission control in the multi-terminal application scenarios of the knowledge management platform, allowing users to operate on knowledge data within the authorized scope; at the same time, capture the dynamic changes of permission-related elements in real time through a large language model, and automatically update the permission configuration when the preset adjustment conditions are met, completing the dynamic granting and revocation of permissions; and generate permission operation logs to support semantic-based retrieval and full-process traceability.

[0022] This embodiment 1 further elaborates on the above steps.

[0023] (1) Semantic parsing and tag extraction In knowledge management scenarios, facing the challenges of diverse knowledge data formats and the difficulty of accurately associating data semantics with traditional access control, this embodiment 1 first inputs the knowledge data of arbitrary formats received by the knowledge management platform into a large language model deployed in the target environment. Leveraging its multimodal data parsing capabilities, this large language model can parse knowledge data in different formats such as text, images, and audio. Simultaneously, utilizing its semantic understanding capabilities, it deeply mines the core semantic content of the knowledge data, automatically generating structured semantic tag sets. These tag sets include both fixed and dynamic tags, all associated with document metadata.

[0024] Fixed tags are static identifiers generated based on the inherent attributes of knowledge data. Once determined, they remain stable and will not change with changes in the external environment or business processes. Their core function is to perform basic and fixed classification and identification of knowledge data, such as the industry sector to which the data belongs, core business module, basic data type, and original creation department. These attributes are the core characteristics inherent in the knowledge data itself and are key identifiers that distinguish different basic data attributes, providing a stable basis for determining access control.

[0025] Dynamic tags are variable identifiers generated by a large language model by combining the dynamic changes in knowledge data with the needs of business scenarios. They update in real time as data status, business processes, and application scenarios change. For example, the version iteration status of knowledge data will generate corresponding dynamic tags based on the number of updates; changes in project stage will cause the project progress tags associated with the data to adjust synchronously; data security level will be updated in real time according to changes in the confidentiality of the content; and changes in business collaboration scenarios will also cause the corresponding collaboration scenario tags to change accordingly. Dynamic tags can accurately capture the real-time status of knowledge data and business-related information, keeping semantic tags synchronized with the actual application scenarios of the data, and providing real-time and accurate semantic support for subsequent dynamic permission adjustments.

[0026] Specifically, structured semantic tag set The following mathematical formula is used to describe it: set up ,in, For a fixed set of tags, satisfying: , in, For document metadata collection, For external scene variables, Symbols representing semantic conflict relationships; here, they represent fixed labels. Independent of external scene variables Change, that is, fixed labels are static and unaffected by changes in the external environment; set up For a dynamic tag set, satisfying: , in, For large language models, For knowledge data, For business scenario variables, It is a time variable; The generation process involves the large language model processing knowledge data of any format received by the knowledge management platform. Perform multimodal parsing and semantic understanding from document metadata Extract the satisfying element generation At the same time, combined Dynamic changes and Real-time status, through generate .

[0027] Meanwhile, the document metadata here is structured descriptive information formed during the generation, storage, circulation, and management of knowledge data. Its function is to uniquely identify knowledge data, ensuring accurate identification of each piece of knowledge data; it also associates semantic tags, giving these tags a concrete carrier; and it supports permission matching, providing a foundational data basis for subsequent access control. Its types are rich, including basic identifiers, attribution associations, management attributes, business characteristics, and other related information. Through the combination of fixed and dynamic tags, comprehensive and accurate extraction and structured association of knowledge data semantics are achieved. This ensures both the stability of the basis for access control and adaptability to dynamic data changes, laying a solid foundation for subsequent semantic-based dynamic access control.

[0028] (2) Construction of dynamic permission rule base After generating the structured semantic tag set of knowledge data, this embodiment 1 first constructs basic permission rules based on the user system and business scenario requirements of the knowledge management platform. This process is not a simple manual preset, but rather takes the platform's existing user identity system (such as the user's department, job level, business role, etc.) as the core basis, and combines the basic requirements of business scenarios (such as different permission requirements for daily office scenarios, project collaboration scenarios, cross-organizational docking scenarios, etc.) to sort out an initial permission control framework.

[0029] Specifically, the first step is to clarify the basic operational permissions of various user groups for different types of knowledge data in regular business processes. For example, ordinary employees have access to and download permissions for publicly available knowledge data, while department heads have editing and sharing permissions for internal departmental knowledge data. Simultaneously, these permission requirements are initially correlated with the structured semantic tag set of the knowledge data. For instance, the semantic tag "industry sector: finance" is matched with the permissions of user groups with financial business knowledge backgrounds. This ensures that the basic permission rules establish an initial correspondence between user identity and data semantics, providing a baseline framework for subsequent dynamic optimization.

[0030] Subsequently, by combining the semantic analysis results of historical permission interaction data and business collaboration process data from the large language model, the permission rule base is dynamically optimized to form a mapping relationship of "user attributes - knowledge data semantic tags - permission types".

[0031] The rule base is capable of automatically iterating based on updates to industry regulations and changes in project stages. Specifically, the large language model parses updated industry regulations text to generate semantic change sets, analyzes project lifecycle data to obtain semantic sets corresponding to changes in project stages, and generates a semantic mapping update set of "user attributes - knowledge data semantic tags - permission types" based on historical permission interaction data and business collaboration process data. These sets are then integrated with the previous permission rule base, while historical rules that logically contradict the semantic change sets of industry regulations or the semantic sets of business scenarios in the project stages are removed, resulting in the current dynamic permission rule base. This enables the rule base to automatically iterate as industry regulations are updated and project stages change.

[0032] In a preferred embodiment, this process is described mathematically in detail, and the specific steps of its automatic iteration are set as follows: set up for A dynamic permission rule base for real-time access control. for The permission rule base at any time. This dataset represents a set of semantic changes generated by parsing industry regulation update text for large language models. This involves analyzing project lifecycle data using a large language model to obtain a semantic set of business scenarios corresponding to changes in project stages. This is a set of semantic mapping updates for "user attributes - knowledge data semantic tags - permission types" generated by the large language model based on historical permission interaction data and business collaboration process data. To achieve a semantic rule fusion operator that logically adapts the rule base to various semantic sets and integrates them without redundancy, To remove invalid rules that have semantically conflicting historical rules, To characterize semantically conflicting relation symbols that logically contradict the rules and semantic sets, the automatic iteration formula for the rule base is as follows: , in, Represents a single permission rule element; Its iterative process is as follows: the large language model generates... , and Through semantic rule fusion operator right Integrate with the three types of sets, and then remove operators using failure rules. Eliminate Zhongyu or Historical rules with semantic conflicts eventually lead to Dynamic permission rule base at any time It enables automatic iteration of the rule base as industry regulations are updated and project stages change.

[0033] Meanwhile, the permission types here cover at least one of the following: access, editing, downloading, sharing, and derivative operation permissions. Through this rule base construction and iteration method, the permission rules not only fit the user's actual identity and business role, but also adapt to dynamically changing business scenarios and industry regulatory requirements, laying a flexible and adaptable rule foundation for subsequent accurate permission decisions.

[0034] (3) Real-time permission matching and decision-making After completing the construction and iteration of the permission rule base, when a user initiates a knowledge data operation request, the system synchronously collects the user's identity information and operation scenario information, and inputs them along with the semantic tag set of the target knowledge data into the large language model. This model then uses semantic matching methods to call the dynamic permission rule base, thereby determining the user's corresponding permission scope and operation restrictions in real time.

[0035] Specifically, after a user initiates a knowledge data operation request, and the system completes the collection and input of user identity information, operation scenario information, and the semantic tag set of the target knowledge data, the large language model will start the semantic matching process.

[0036] First, the model performs deep semantic analysis on user identity information (such as organizational affiliation and job role), operational scenario information (such as business process nodes and collaboration scenario types), and the structured semantic tag set (including fixed and dynamic tags) of the target knowledge data to extract core semantic features. Next, it calls a dynamic permission rule base, which is a set of mappings between "user attributes - knowledge data semantic tags - permission types" that has been automatically iterated over as industry regulations and project stages change.

[0037] The model uses a semantic matching algorithm to logically adapt the semantic features of users and scenarios, the semantic tags of knowledge data, and the permission rules in the rule base one by one. For example, when the semantic features of a user's identity are "senior engineer in the R&D department," the operation scenario is "project R&D collaboration," and the semantic tag of the knowledge data includes "core technical solutions," the model will match the corresponding "edit + share (within the project team only)" permission rule in the rule base. During this process, the model will determine the scope of permissions that the user can perform in real time (such as specific operations like access, editing, and downloading), and clarify the operation restrictions (such as whether it is limited to this organization or whether approval is required), thereby completing real-time decision-making on user permissions and ensuring that permission allocation both meets the needs of the business scenario and complies with data security standards.

[0038] Furthermore, for collaborative operation requests across organizations and scenarios, the system automatically triggers a multi-level semantic verification mechanism to generate temporary permission configuration schemes. Specifically, the large language model decomposes user identity information into a user identity semantic subset containing semantic features such as organizational affiliation, job permissions, and collaborative roles; it decomposes collaborative scenario information into a collaborative scenario semantic subset containing semantic features such as cross-organizational type, business collaboration purpose, and data usage scenario; and it decomposes the target knowledge data semantic tag set into a knowledge data semantic subset containing semantic features such as core semantic tags, data security level, and business affiliation. Next, it calls the hierarchical permission verification rule set in the dynamic permission rule base, which is divided according to organizational level, scenario risk level, and data security level. Through hierarchical semantic matching, it sequentially completes the semantic logic adaptation verification of the user identity semantic subset, collaborative scenario semantic subset, and knowledge data semantic subset with the hierarchical permission verification rule set, determining whether the semantics of each level conforms to the corresponding verification rules. Then, it aggregates the compliance results of each level and outputs the final verification result. Based on the results, a temporary permission configuration scheme is generated to ensure that the permission configuration for cross-organizational and cross-scenario collaboration requests meets business needs while ensuring data security.

[0039] Specifically, in a preferred embodiment, the multi-level semantic verification mechanism is as follows: set up For multi-level semantic validation results (pass / fail), This is a semantic subset of user identity (including semantic features such as organizational affiliation, job permissions, and collaborative roles). This is a semantic subset of collaborative scenarios (including semantic features such as cross-organizational types, business collaboration purposes, and data usage scenarios). This is a semantic subset of knowledge data (including semantic features such as core semantic tags, data security level, and business affiliation). This is a hierarchical permission verification rule set in the dynamic permission rule base (divided by organizational level, scenario risk level, and data security level). This is a hierarchical semantic matching operator (representing semantic logic adaptation and verification performed sequentially according to the "user-scenario-data" hierarchy). This is a multi-level verification result aggregation operator (representing a logical AND operation performed on the verification results at each level). Let the semantic compliance derivation symbol (representing semantic matching compliance derivation based on the verification rule set) be used. Then the multi-level semantic verification formula is: , The specific process involves the large language model breaking down user identity information, collaborative scenario information, and the semantic tag set of target knowledge data into... , Call the hierarchical permission verification rule set in the dynamic permission rule base. Through hierarchical semantic matching operators Complete in sequence and , and , and Semantic logic adaptation verification, utilizing semantic compliance inference symbols. Determine whether the semantics at each level conform to the corresponding validation rules, and then aggregate the results of the multi-level validation using an aggregation operator. Perform a logical AND operation on the compliance results at each level to output the final multi-level semantic verification result. Complete the hierarchical verification of cross-organizational and cross-scenario collaboration requests.

[0040] (4) Permission execution and dynamic adjustment After making real-time decisions on user permissions, in this embodiment 1, permission control is executed across the multi-terminal application scenarios of the knowledge management platform based on the permission decision results. Whether on a computer, mobile device, or other terminal, users can only operate on knowledge data within the authorized scope. For example, operations that meet permission requirements, such as accessing, editing, and downloading, will be allowed, while operations exceeding the authorized scope will be directly blocked by the system, ensuring consistent permission control across all terminal scenarios.

[0041] Meanwhile, the large language model continuously captures the dynamic changes of permission-related elements in real time. These changes include changes in the content of knowledge data, changes in user attributes, and changes in the lifecycle state of operational scenarios. Among them, changes in the content of knowledge data refer to alterations to the core information of the target knowledge data itself, such as updates to the core knowledge points of the data, adjustments to key parameters, and additions or removals of confidential content. These changes directly affect the semantic tags and security level of the data, thus requiring synchronous adjustments to the corresponding access and operation permissions.

[0042] Changes in user attributes involve changes to the user's core identity and permission information in the knowledge management platform. For example, changes in the user's organizational affiliation, job promotion or transfer, business role transformation, and modification of the scope of collaboration permissions will cause changes in the user's corresponding permission benchmarks, which need to be updated in a timely manner.

[0043] Changes in the lifecycle state of an operation scenario refer to the evolution of a business scenario in which a user initiates an operation request at different stages of its lifecycle. For example, a project may move from the startup phase to the execution phase and then to the closing phase; cross-organizational collaboration may transition from the initial docking phase to the in-depth cooperation phase; or the risk level of a scenario may increase or decrease due to adjustments in business needs. Different lifecycle states have different requirements and restrictions on permissions, and permission configurations need to be dynamically adapted accordingly.

[0044] Based on the captured changes, the system initiates a dynamic permission adjustment process. Specifically, it first uses the previously output permission decision as a foundation, then calls the iterated dynamic permission rule base to generate initial executable permissions, completing the dynamic assignment of permissions. Subsequently, the system verifies each individual permission element in the user's dynamic permission set from the previous moment, determining whether these permissions are semantically consistent with the dynamically changing associated elements of the currently captured permissions and the iterated dynamic permission rule base. For invalid permissions that do not meet semantic consistency, the system removes them through a permission revokement mechanism, ultimately forming the current dynamic permission set and completing the dynamic revokement of permissions.

[0045] In a preferred embodiment, the process of dynamically granting and revoking permissions is described mathematically as follows: set up for Dynamic permission set at all times The output is the permission decision result. This is a dynamic set of permission-related elements captured by a large language model (including semantic changes in knowledge data content, semantic updates to user attributes, and changes in the lifecycle state of operational scenarios). This is the iteratively updated dynamic permission rule library. Assign operators to permissions (representing the generation of executable permissions based on the mapping between decision results and the rule base). This is the permission revokement operator (representing the removal of invalid permissions based on element changes and rule base verification). The symbol for semantic consistency determination indicates that the permission does not match the associated elements and rule base of the current permission. The formula for dynamic permission granting and revoke is: , in, Represents a single permission element; The specific process is as follows: based on the decision results of the access control system... Assigning operators by permissions Call the iterated dynamic permission rule library Generate initial executable permissions; the large language model captures the dynamic changes of permission-related elements in real time. Determine symbols through semantic consistency Verify historical dynamic permission set Permissions and permissions in the middle , The matching status is used to remove invalid permissions that do not meet semantic consistency using the permission eviction operator, ultimately resulting in... Dynamic permission set at any time This enables the dynamic granting and revoke of permissions.

[0046] Furthermore, throughout the entire process of permission execution and dynamic adjustment, the system automatically generates detailed permission operation logs, recording key information such as permission granting, revocation, and user actions. These logs support semantic-based retrieval, allowing users to quickly locate relevant log records using core semantic keywords. This enables full-process traceability of permission operations, providing strong support for compliance checks and problem identification in permission management.

[0047] For example, please refer to Figure 2 In adopting such Figure 2 In the Alibaba Cloud technical architecture-based enterprise knowledge management platform, taking the dynamic adjustment of permissions for R&D department employees on "Artificial Intelligence Algorithm Core Document V3.0" as an example, the specific implementation process is as follows: When an employee in the R&D department initiates an editing request for the document, the platform, through the knowledge management service of the business service layer, inputs the employee's identity information (senior engineer in the R&D department), operation scenario information (project R&D collaboration), and the document's structured semantic tag set (including fixed tags "core technology, R&D department exclusive" and dynamic tags "project iteration v3.0") into the large language model. The model calls the dynamic permission rule library of the data storage layer to determine that the employee's initial permission is "edit + shared within the R&D department," and executes this permission control across multiple terminals on the platform through the application service link.

[0048] During permission execution, the data synchronization service captures three types of dynamic changes in real time: first, the document's content is updated due to technical optimization (changes in knowledge data content); second, the employee's user attributes change due to promotion to technical supervisor; and third, the project's transition from the R&D phase to the testing phase triggers changes in the operational scenario's lifecycle state. The large language model integrates these changes into a dynamic change set of permission-related elements, verifying the semantic consistency between the employee's historical permission set and the current elements and rule base: for old version document editing permissions that do not match the new elements, they are removed through a permission revokement mechanism; simultaneously, based on the new user attributes and scenario state, the rule base is invoked to grant the employee new permissions of "approval-level editing + limited cross-departmental sharing (test group only)," ultimately generating the current dynamic permission set and completing the dynamic granting and revoke of permissions.

[0049] In this process, Alibaba Cloud's security protection modules (Cloud Shield, WAF, etc.) ensure the network security of permission operations, middleware (RocketMQ, Redis) and database cluster (RDS) support the real-time flow of permission rules and data, and containerized deployment architecture (Docker, K8S) ensures the high availability of the large language model in the process of permission decision-making and dynamic adjustment, thereby realizing the complete implementation of the dynamic permission granting and revoke mechanism in this invention in the enterprise knowledge management scenario.

[0050] Based on this, Embodiment 1 of the present invention also provides a method implementation basis for this embodiment, specifically embodied as follows: In the data processing and semantic parsing layer, the business service modules (knowledge management service, document conversion service, etc.) in the architecture can perform standardized conversion and core semantic extraction on multi-format knowledge data, providing a unified input for generating structured semantic tag sets for large language models; the data synchronization service ensures real-time updates of knowledge data, user attributes, and operation scenarios, and supports the dynamic capture of permission-related elements.

[0051] At the permission rules and decision-making layer, the data storage module (cloud database RDS, MinIO, etc.) persistently stores the mapping rule base of "user attributes - knowledge data semantic tags - permission type" and historical permission data. The middleware (RocketMQ, Redis) realizes the efficient flow of permission rules and decision instructions, ensuring that the large language model can call the dynamic permission rule base in real time to complete semantic matching and permission decision-making.

[0052] At the security and deployment layer, Alibaba Cloud's security protection modules (Cloud Shield, WAF, etc.) construct a multi-layered security barrier from network access to the application layer, which is deeply aligned with the access control security objectives of this invention; the containerized deployment architecture (Docker, K8S) ensures the high availability and scalability of large language models in multi-user concurrent scenarios, and supports the real-time requirements for dynamic granting and revocation of permissions.

[0053] In summary, this architecture provides a feasible technical foundation for the entire process of the invented method, including "semantic tag generation, rule base iteration, real-time permission decision-making, and dynamic assignment and revocation," from the dimensions of data processing, rule storage, security protection, and service deployment.

[0054] This embodiment 1 has broad application prospects in core scenarios such as enterprise knowledge management and cross-organizational collaboration. Whether it's internal knowledge flow within large groups, R&D data collaboration in technology companies, or cross-entity data sharing in government-enterprise cooperation projects, its semantic-based precise access control capabilities can effectively solve the pain point of balancing security and efficiency in multi-dimensional data management. By automatically adapting to industry regulatory updates and project stage changes, it reduces the cost of manual access control adjustments while preventing unauthorized access risks, providing reliable guarantees for the compliant flow and efficient utilization of knowledge data. It is particularly suitable for various organizations with complex business scenarios and frequent collaboration needs during digital transformation.

[0055] In the wave of digitalization, the value of knowledge assets is becoming increasingly prominent, and the technical solution of this embodiment can be extended to more niche fields. For example, in the management of research results in scientific research institutions, it can achieve dynamic access control for classified papers and experimental data; in the management of compliance documents in the financial industry, it can adapt to real-time changes in regulatory policies; and in teaching resource platforms in the education field, it can flexibly allocate resource access permissions according to the roles of teachers and students and the teaching stage. Its access control logic, which combines stability and flexibility, can quickly adapt to the personalized needs of different industries, helping various organizations build a safer, more efficient, and intelligent knowledge management system, and providing strong support for the protection and value release of knowledge assets in the digital economy era.

[0056] Example 2 Please refer to Figure 3 This embodiment 2 provides a dynamic access control system based on a large language model and data semantics, including: The semantic parsing and tag extraction unit is used to input knowledge data of any format received by the knowledge management platform into a large language model deployed in the target environment. Through the model's multimodal data parsing and semantic understanding capabilities, it extracts the core semantic content of the knowledge data and automatically generates a structured semantic tag set. The dynamic permission rule base building unit is used to construct basic permission rules based on the user system and business scenario requirements of the knowledge management platform; combined with the semantic analysis results of historical permission interaction data and business collaboration process data by the large language model, the permission rule base is dynamically optimized to form a mapping relationship of "user attributes - knowledge data semantic tags - permission types"; The real-time permission matching and decision-making unit is used to synchronously collect user identity information and operation scenario information when a user initiates a knowledge data operation request, and input them and the semantic tag set of the target knowledge data into the large language model; the model calls the dynamic permission rule library through the semantic matching method to make real-time decisions on the user's corresponding permission scope and operation restrictions. The permission execution and dynamic adjustment unit is used to execute permission control in multi-terminal application scenarios of the knowledge management platform based on the permission decision results, allowing users to operate on knowledge data within the authorized scope; at the same time, it captures the dynamic changes of permission-related elements in real time through a large language model, and automatically updates the permission configuration when the preset adjustment conditions are met, completing the dynamic granting and revocation of permissions; and generates permission operation logs, supporting semantic-based retrieval and full-process traceability.

[0057] Example 3 This embodiment 3 also provides a computer-readable storage medium storing a computer program. When the computer program is executed by a processor, it can implement any step of a dynamic access control method based on a large language model and data semantics.

[0058] The computer-readable storage medium may include various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.

[0059] For a description of the computer-readable storage medium provided in this application, please refer to the above method embodiments; further details will not be repeated here.

[0060] Those skilled in the art will readily understand that the above description is merely a preferred embodiment of the present invention and is not intended to limit the present invention. Any modifications, equivalent substitutions, and improvements made within the spirit and principles of the present invention should be included within the scope of protection of the present invention.

Claims

1. A dynamic access control method based on a large language model and data semantics, characterized in that, include: S1. Input knowledge data of any format received by the knowledge management platform into a large language model deployed in the target environment. Through the model's multimodal data parsing and semantic understanding capabilities, extract the core semantic content of the knowledge data and automatically generate a structured semantic tag set. S2. Based on the user system and business scenario requirements of the knowledge management platform, construct basic permission rules; combine the semantic analysis results of historical permission interaction data and business collaboration process data from the large language model to dynamically optimize the permission rule library and form a mapping relationship of "user attributes - knowledge data semantic tags - permission types"; S3. When a user initiates a knowledge data operation request, the user's identity information and operation scenario information are collected simultaneously and input into the large language model along with the semantic tag set of the target knowledge data. The model uses a semantic matching method to call the dynamic permission rule base and make real-time decisions on the user's corresponding permission scope and operation restrictions. S4. Based on the permission decision results, execute permission control in the multi-terminal application scenarios of the knowledge management platform, allowing users to operate on knowledge data within the authorized scope; at the same time, capture the dynamic changes of permission-related elements in real time through the large language model, and automatically update the permission configuration when the preset adjustment conditions are met, completing the dynamic granting and revocation of permissions. It also generates permission operation logs, supporting semantic-based retrieval and full-process traceability.

2. The dynamic access control method based on a large language model and data semantics according to claim 1, characterized in that, The semantic tag set in S1 includes fixed tags and dynamic tags, and is associated with document metadata; wherein, the document metadata refers to the structured description information formed during the generation, storage, circulation and management of knowledge data, which is used to uniquely identify knowledge data, associate semantic tags and support permission matching, and its types include, but are not limited to, basic identifiers, ownership associations, management attributes and business characteristic related information.

3. The dynamic access control method based on a large language model and data semantics according to claim 1, characterized in that, The rule base in S2 supports automatic iteration based on updates to industry regulations and changes in project stages. The specific process for automatic iteration is set as follows: set up for A dynamic permission rule base for real-time access control. for The permission rule base at any time. This dataset represents a set of semantic changes generated by parsing industry regulation update text for large language models. This involves analyzing project lifecycle data using a large language model to obtain a semantic set of business scenarios corresponding to changes in project stages. This is a set of semantic mapping updates for "user attributes - knowledge data semantic tags - permission types" generated by the large language model based on historical permission interaction data and business collaboration process data. To achieve a semantic rule fusion operator that logically adapts the rule base to various semantic sets and integrates them without redundancy, To remove invalid rules that have semantically conflicting historical rules, To characterize semantically conflicting relation symbols that logically contradict the rules and semantic sets, the automatic iteration formula for the rule base is as follows: , in, Represents a single permission rule element; Its iterative process is as follows: the large language model generates... , and Through semantic rule fusion operator right Integrate with the three types of sets, and then remove operators using failure rules. Eliminate Zhongyu or Historical rules with semantic conflicts eventually lead to Dynamic permission rule base at any time It enables automatic iteration of the rule base as industry regulations are updated and project stages change.

4. The dynamic access control method based on a large language model and data semantics according to claim 1, characterized in that, The permission types in S2 include at least one of the following: access, edit, download, share, and derivative operation permissions.

5. The dynamic access control method based on a large language model and data semantics according to claim 1, characterized in that, The S3 also includes: for collaborative operation requests across organizations and scenarios, automatically triggering a multi-level semantic verification mechanism to generate a temporary permission configuration scheme.

6. The dynamic access control method based on a large language model and data semantics according to claim 5, characterized in that, The multi-level semantic verification mechanism is specifically as follows: set up For multi-level semantic verification results, For a semantic subset of user identity, For a semantic subset of collaborative scenarios, For the semantic subset of knowledge data, This is a set of hierarchical permission verification rules in a dynamic permission rule base. For hierarchical semantic matching operators, For multi-level verification result aggregation operator, For semantically compliant derivation symbols, the multi-level semantic verification formula is: , The specific process involves the large language model breaking down user identity information, collaborative scenario information, and the semantic tag set of target knowledge data into... , Call the hierarchical permission verification rule set in the dynamic permission rule base. Through hierarchical semantic matching operators Complete in sequence and , and , and Semantic logic adaptation verification, utilizing semantic compliance inference symbols. Determine whether the semantics at each level conform to the corresponding validation rules, and then aggregate the results of the multi-level validation using an aggregation operator. Perform a logical AND operation on the compliance results at each level to output the final multi-level semantic verification result. Complete the hierarchical verification of cross-organizational and cross-scenario collaboration requests.

7. The dynamic access control method based on a large language model and data semantics according to claim 1, characterized in that, The dynamic changes of the associated elements in S4 include: changes in the content of knowledge data, changes in user attributes, and the lifecycle status of the operation scenario.

8. The dynamic access control method based on a large language model and data semantics according to claim 1, characterized in that, The specific process of dynamically granting and revoking permissions in S4 is as follows: set up for Dynamic permission set at all times The output is the permission decision result. This is a dynamically changing set of permission-related elements captured by a large language model. This is the iteratively updated dynamic permission rule library. Assign operators to permissions. For the privilege revoke operator, The symbol for semantic consistency determination indicates that the permission does not match the associated elements and rule base of the current permission. The formula for dynamic permission granting and revoke is: , in, Represents a single permission element; The specific process is as follows: based on the decision results of the access control system... Assigning operators by permissions Call the iterated dynamic permission rule library Generate initial executable permissions; the large language model captures the dynamic changes of permission-related elements in real time. Determine symbols through semantic consistency Verify historical dynamic permission set Various permissions and , The matching status is used to remove invalid permissions that do not meet semantic consistency using the permission eviction operator, ultimately resulting in... Dynamic permission set at any time This enables the dynamic granting and revoke of permissions.

9. A dynamic access control system based on a large language model and data semantics, characterized in that, include: The semantic parsing and tag extraction unit is used to input knowledge data of any format received by the knowledge management platform into a large language model deployed in the target environment. Through the model's multimodal data parsing and semantic understanding capabilities, it extracts the core semantic content of the knowledge data and automatically generates a structured semantic tag set. The dynamic permission rule base building unit is used to build basic permission rules based on the user system and business scenario requirements of the knowledge management platform; combined with the semantic analysis results of historical permission interaction data and business collaboration process data by the large language model, the permission rule base is dynamically optimized to form a mapping relationship of "user attributes - knowledge data semantic tags - permission type"; The real-time permission matching and decision-making unit is used to synchronously collect user identity information and operation scenario information when a user initiates a knowledge data operation request, and input them and the semantic tag set of the target knowledge data into the large language model; the model calls the dynamic permission rule library through the semantic matching method to make real-time decisions on the user's corresponding permission scope and operation restrictions. The permission execution and dynamic adjustment unit is used to execute permission control in the multi-terminal application scenarios of the knowledge management platform based on the permission decision results, allowing users to operate on knowledge data within the authorized scope; at the same time, it captures the dynamic changes of permission-related elements in real time through a large language model, and automatically updates the permission configuration when the preset adjustment conditions are met, thus completing the dynamic granting and revocation of permissions. It also generates permission operation logs, supporting semantic-based retrieval and full-process traceability.

10. A computer-readable storage medium having a computer program stored thereon, characterized in that, The computer program is executed by a processor as described in any one of claims 1-8: a dynamic access control method based on a large language model and data semantics.