76 results about "Permission system" patented technology

The invention discloses a multi-hierarchy user permission management method. All hierarchical relationships are centralized on organizations, superior-subordinate relationships of users, characters and permissions are transferred by the organizations to which the users, the characters and the permissions belong, and complexity brought to permission system design by multiple superior-subordinate relationships is greatly reduced. In the multi-hierarchy user permission management method disclosed by the invention, a data range is only associated with the organizations; after the users are authorized by "organizations-characters", when operation permissions are limited by the "characters", data operation ranges of the users are also limited by the "organizations", so that service logics of checking legalities of the data ranges are greatly simplified. Accounts, the organizations, the characters and the permissions have many-to-many relationships, and in an actual service, very high operation flexibility can be brought in. The multi-hierarchy user permission management method disclosed by the invention is designed on the basis of universality, and can be completely reused by modular design for various management systems of multi-hierarchy organizations, such as the education industry, government departments, group companies and the like. Based on the points above, the multi-hierarchy user permission management method disclosed by the invention can bring the effects of greatly simplifying the permission system service logic of the multi-hierarchy organizations and greatly reducing range checking logics, so that product quality can be improved, and development and maintenance cost is greatly reduced.

The invention relates to a permissions configuration management system, which belongs to the technical field of internet information technology. The system comprises a permissions definition module, a role definition module, a user definition module, a role and permissions relation maintaining module, a user and role relation maintaining module and an external interface module; the permissions definition module and the role definition module are connected through the role and permissions relation module; the data in the permissions definition module is stored in XML files; the data in the role definition module is stored in database; the data in the role and the permissions relation module is stored in the database; the role definition module and the user definition module are connected through the user and the role relation module; the data in the user definition module and the user and the role relation module are all stored in the database; and the external interface of the permissions system is connected with the database for transferring data of the database. The permissions configuration management system has a function of dynamically configuring permissions and is featured with simple configuration, strong extensibility and strong transferability.

In order to solve the problem that in the prior art, in enterprise-level application based on a block chain technology, how to build blockchain user access authority management meeting industry rulesand standard data of enterprise-level application requirements, the invention provides a blockchain user permission system based on different blockchain platforms and a permission implementation method in the system. The authority system is composed of a block chain infrastructure module, a consensus decision service module, an intelligent contract management module, an intelligent contract authority management module and a system authority management module. The system built by the modules determines the validity of the smart contract by using a consensus mechanism, selects a new smart contract manager, manages the access permission of the smart contract by judging the validity of the contract and the validity of the contract manager at the same time, and finally achieves the purposes ofdecentralization and high security of the access permission management of the blockchain user.

The invention discloses a file sharing method based on an encryption and permission system. The file sharing method comprises the implementation steps that (1) a server establishes user information and sets the security level of a user; (2) the user logs in and carries out authentication; (3) the user sets the security level of a secret shared file, carries out encryption through a random secret key, stores the unique authentication code, the security level and the encryption secret key of the encrypted secret shared file on the server, and sends the encrypted secret shared file to a network; (4) when the secret shared file is used, a client sends a decryption request including the unique authentication code of the secret shared file and the security level of the user, if the security level of the user is higher than or the same as the security level of the secret shared file, the client can receive a decryption secret key fed back by the server, the client decrypts the secret shared file through the decryption secret key, and opens the secret shared file, and if the security level of the user is lower than the security level of the secret shared file, rejection information is fed back. The file sharing method based on the encryption and permission system has the advantages of being high in safety, convenient to use and capable of being used for sharing of secret files inside a unit.

A virtualized computing system includes a plurality of inventory objects and an access control subsystem that manages permissions to perform actions on the inventory objects using corresponding access control labels of the inventory objects. Permissions are managed by detecting a change in an association of a tag with an inventory object, where the tag defines one or more users and one or more privileges. In response to the detecting, an access control label of the inventory object is updated based on the users and privileges that are defined by the tag.

A differentially private system receives a request from a client to perform a query on data stored in a database. The differentially private system establishes a set of permissions of the client with respect to the data in the database. The differentially private system deconstructs the query into query components. The query components include at least one relation that identifies a dataset in the database and at least one expressions specifying an operation to be performed in the identified dataset. The differentially private system identifies permissions necessary to perform the specified operation on the identified dataset. The differentially private system determines whether the established permissions grants of the client include the identified permissions necessary to perform the specified operation on the identified dataset. The differentially private system selectively executes the query responsive to the determination.

A cloud control the access control management system and the authentication method used with one or a plurality of C-Lock connection management, the system includes at least: a system program and provide the management interface for programming operations, which contain five functional modules: a user module, a permission system module, a device management module, a virtual computing module and an event processing module combination; a database for storing the management information and function of identification information. Certification Department of the present invention is the use of multi-functional identification of cloud control lock mechanism through the encryption of network traffic and Cloud control the access control management system connection; it is close and remote two ways to achieve the purpose of certification.

A communication network is disclosed that uses voice authentication to provide call control. The communication network includes a call control function, a voice collection system, a voice authentication system, and a permission system. The voice collection system collects voice samples of a first party during the call to a second party, and transmits the collected voice samples to the voice authentication system. The voice authentication system compares the collected voice samples to stored voice samples to determine the identity of the first party. The permission system determines whether the first party is authorized for the call based on the identity of the first party. The permission system generates results based on the determination and transmits the results to the call control function. The call control function then processes the results, and interrupts the call if the first party is not authorized.

The invention discloses a method for cutting and combing computer network pages with a permission system, relating to the cutting and displaying of the computer network web system pages. The method comprises the steps of system and data table establishment, permission penetration, page cutting, cutting content combination and cutting content displaying. The invention combines the permission penetration technology with the page cutting and combining technology, firstly realizes permission penetration for service subsystems by the single sign-on technology, and then recombines the contents and functions required by the pages of a plurality of service subsystems to form an integrated page based on the affiliated permission via the page cutting and combining technology. The method has the advantages of integrating and displaying contents which are scattered in a plurality of service subsystems with permission originally via technical means, and maintaining real-time synchronization of the displayed information and the original service subsystems.

The invention discloses an alliance block chain wallet node communication permission system and method. The system comprises a wallet node, a full node and a permission management system; the wallet node is configured and deployed at a personal client and is a block chain access entrance, so that the personal client can conveniently access the block chain to carry out transaction, and the wallet nodeprovides certificate application, communication request and acceptance, and transaction initiation and acceptance services for the user; the full node is configured to be deployed on a server and provided with a node of a complete block chain account book, synchronize all block chain data, independently verify all transactions on a block chain and update the data in real time, is responsible for broadcasting and verifying the transactions of the block chain, and is responsible for providing certificate verification, communication acceptance or certificate blacklist management service; and the permission management system is configured to be deployed on the alliance block chain, is responsible for auditing all wallet nodes on the alliance block chain, and is responsible for providing identity verification, certificate creation and issuing, certificate verification or certificate revocation services.

The invention discloses a method and a device for managing playing authority. The method for managing playback rights includes: according to the input information submitted by the terminal, retrieving video resources that conform to the input information; obtaining the permission identifier of the video resource and the qualification identifier of the terminal that plays the video resource; Judging whether the qualification identifier of the terminal satisfies the authority identifier of the video resource; if the qualification identifier of the terminal meets the authority identifier of the video resource, transmit the video resource to the terminal. The present invention can automatically judge whether the terminal has the authority to play the video resource according to the above-mentioned permission identifier and qualification identifier after obtaining the authority identifier of a certain video resource and the qualification identifier of the terminal playing the video resource, and realizes the identification through the identification To manage the playback rights of video resources, thereby improving the operating efficiency of the video resource playback rights system.

The invention discloses an access control permission management method and an access control permission system for automobiles. The method comprises the following steps that: a main user terminal generates corresponding key information according to vehicle utilization limit requirements of a secondary user and sends the key information to a secondary user terminal, wherein the key information include access right contents, valid number of times and effective date; and the secondary user terminal sends the key information to a vehicle body controller of an automobile to drive the vehicle body controller to carry out operations corresponding to the key information. According to the access control permission management method of the technical scheme, the purposes of conveniently, rapidly and flexibly managing the access control permission of the automobile when the main user shares the access control permission of the automobile with the secondary user can be achieved.

A system, computer program product and method for providing high delivery performance in a value chain network utilizing a finite capacity planning and scheduling model. The system includes a plurality of remote computers in communication with a respective plurality of remote users, a service provider computer having a computer program stored in non-transient memory and one or more microprocessors, a network interface in communication with the central server and the plurality of remote computers over a shared network, a shared database, having a master data repository and an execution data repository, in communication with the service provider computer, a multi-party module configured to onboard the plurality of remote users onto the shared network via the network interface, a real-time module configured to manage in real-time a shared data model common to at least a portion of the plurality of remote users, a permissibility network module having a permission system, a control system and software tools that manages access permissions to the shared network, the master data repository and to the execution data repository, and a planner module having an initial overall planning module and re-planning module. The re-planning module is configured to re-plan upon a change in condition in the value chain network and to limit planning to only those portions of the value chain network affected by the change in condition. Each of the plurality of remote users represents one of a plurality of entities in a value chain. Each of the plurality of remote users has at least one of a plurality of roles. The network interface is configured to receive one or more transactions via the shared network. The value chain network has shared access to a shared database on the service provider computer over the shared network. The shared data model is in communication with the master data repository and the execution data repository. The permission system is configured to provide access permissions to the plurality of remote users using predefined configuration settings. The control system includes rules that vary for each of the plurality of entities and by the respective role of the plurality of remote users. The rules define the read, write, edit and delete permissions and access rights to specific portions of the shared data model. The service provider computer is configured to: (i) provide access to the shared network to the plurality of remote computers based on the respective access permission of the one of the plurality of remote users provided by the permissibility network module, (ii) provide access to the master data repository and to the execution data repository based on the respective access permission of the one of the plurality of remote users provided by the permissibility network module, and (iii) manage access and updates to specific portions of the shared data model for all relevant remote users of the plurality of remote users.

The embodiment of the present application provides a role optimization method and device in the RBAC authority system. The method includes: calculating the similarity between any two roles in the specified roles; taking one of the specified roles as a starting point, and according to the traversal condition that the similarity between the roles is the largest, in the specified role. traversing the graph; determining similar roles according to the traversal results; determining an optimized role for the similar roles according to a set of identical permissions and a set of different permissions among the similar roles. The embodiment of the present application makes the set of permissions among the roles as completely independent as possible, and together represent a business meaning, thereby reducing the occurrence of the same or overlapping permissions in different roles, and further reducing the unreasonable assignment of roles to users. System security risks.

When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The verified command request is sent to the target machine. An authentication worker on the target machine accesses a set of policies, local to the target machine, to identify a least privileged execution environment in which the requested command can be performed. The authentication worker on the target machine launches the requested command within the identified least privileged execution environment on the target machine.

The invention discloses a routing method and device for a database cluster, and relates to the technical field of computers. A specific embodiment of the method comprises the following steps: receiving a database access request, wherein the database access request carries a target business system identifier and a target user identifier; matching configuration information of a corresponding target database cluster according to the target service system identifier, the target user identifier and access permission information configured in a permission system; and routing the database access request to the target database cluster according to the configuration information of the target database cluster. According to the embodiment, the technical problems that server resources are wasted, the maintenance cost is high or the service operation invasiveness is large can be solved.

The invention discloses a method and a device for determining the setting reasonability of a permission system. The method comprises the following steps: creating user, role and operation vectors based on user data; creating a user-role association matrix according to user and role vectoirs, creating a role-operation association matrix according to user and operation vectors; calculating a user-opertaion association matrix according to the user-role association matrix and the role-operation association matrix, wherein rows of the user-opertaion association matrix resprent represent users and lists of the user-opertaion association matrix represent operation; calculating rank r of the user-opertaion association matrix; according to the rank r of the user-opertaion association matrix and therow number m of the user-opertaion association matrix, determining rationality of configuration of an authority system. By analyzing the user-opertaion association matrix, rationality of the authority system is determined. A nonsingular system is an optimized authority system.

The invention provides a permission system data storage method and related equipment. The method comprises the steps that an authority management server obtains authority configuration information, and the authority configuration information comprises directional relations between storage objects; the method also includes recording the relationship between each storage object and other storage objects in attribute information corresponding to the storage object; storing each storage object and the attribute information corresponding to the storage object in a graph database, wherein the storage object comprises resource information, permission information and role information of the permission system, the resource information comprises permission system data, the permission information comprises operation executed on the resource information, and the role information comprises roles with permissions corresponding to the permission information. The method can improve the authority query efficiency and shorten the authority query time.

When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The authentication and permission system verifies signatures on the request and signs it and generates an approved workflow package. The approved workflow package is sent to the target machine.

The invention provides a role permission setting method and device, and belongs to the technical field of computers, and the method comprises the steps: obtaining a permission updating request carrying a role permission identifier and a role identifier; identifying an original role permission identifier corresponding to the original role identifier in the original permission system; and when the original permission system does not contain the original role permission identifier which is completely the same as the role permission identifier, creating a newly-added permission system containing the role identifier according to a preset rule, wherein the role identifier in the newly-added permission system has a role permission corresponding to the role permission identifier. Therefore, a flexible role permission setting method is provided, and when the role permission changes, the original role permission is not covered, and a new role permission service can be provided.