CN102456106A - Method and device for assigning user right, and method and device for controlling user right - Google Patents


Publication number: CN102456106A
Authority: CN (China)
Legal status: Pending
Application number: CN2010105292898A
Other languages: Chinese (zh)
Inventor: 马平
Current assignee: Beijing NMC Co Ltd; Beijing North Microelectronics Co Ltd
Original assignee: Beijing North Microelectronics Co Ltd

Abstract

The invention provides a method and device for assigning user permissions and a method and device for controlling user permissions. The assignment method comprises the following steps: defining the roles of users and generating a user-role mapping; then defining the permissions of each role based on working mode and generating a mapping from role and working mode to permissions. The method improves the security of user permission assignment and reduces user misoperation.

Description

Method and device for assigning user permissions, and method and device for controlling user permissions
Technical field
The present invention relates to the field of user permission control, and in particular to a method and device for assigning user permissions and a method and device for controlling user permissions.
Background
In production control, the control software for large cluster tools, such as surface-mounted integrated circuit (IC) etching system software and light-emitting diode (LED) etching system software, is usually a multi-user system. User roles generally include production personnel, process engineers and electrical engineers, and different roles can perform operations of different levels through the software. Production personnel, for example, are defined as a role with limited understanding of the machine that performs only fixed production operations, whereas electrical engineers are defined as a role that understands the machine very well and often performs maintenance-type operations on it. To protect the machine as far as possible, production personnel must not overstep their level and exercise an electrical engineer's permissions, so the question of user permissions inevitably arises.
At present, control software for large cluster tools mainly adopts the role-based access control (RBAC) model. The basic idea of the RBAC model is to introduce the concept of a role between users and permissions: permissions are associated with roles, and a user obtains a role's permissions by becoming a member of the appropriate role. Fig. 1 shows the flowchart of a prior-art user permission control method based on the RBAC model, which can comprise:
Step 101: start the software;
Step 102: the system asks the user to enter a username and password;
Step 103: determine whether the user passes verification; if so, go to step 104; otherwise, return to step 102;
Step 104: authenticate the user;
Step 105: the user requests an operation;
Step 106: the system determines whether the user has the corresponding permission; if so, go to step 107; otherwise, go to step 108;
Step 107: the system performs the operation;
Step 108: the system informs the user that the user does not have this permission;
Step 109: end.
Based on the above RBAC model, Fig. 2 shows the user permission assignment scheme of typical prior-art semiconductor equipment control software. In this scheme the relationship between users and roles is many-to-one: a user can belong to only one role, while a role can contain several users. For example, user 1 is a member of role 1, and user 2 and user 3 are both members of role 3. The relationship between roles and permissions is many-to-many: a role can have several permissions, and a permission can belong to several roles.
However, one role can have several permissions. An electrical engineer, for example, has both the permission to run continuous production and the permission to operate a given machine component. After the electrical engineer clicks the continuous production button, the machine starts continuous production. If the engineer then operates some of the machine's components while continuous production is running, continuous production may be disrupted. Specifically, if during continuous production the electrical engineer uses the permission to operate a machine component and mistakenly turns off the molecular pump, continuous production is forced to stop. The existing user permission assignment scheme therefore suffers from low security.
In short, the technical problem that those skilled in the art urgently need to solve is how to improve the security of user permission assignment in the situation described above.
Summary of the invention
The present invention provides a method and device for assigning user permissions, in order to increase the security of user permission assignment and reduce user misoperation.
Correspondingly, the present invention also provides a method and device for controlling user permissions, in order to ensure that the above method can be implemented and applied in practice.
To solve the above problem, the invention discloses a method for assigning user permissions, comprising:
defining the roles of users and generating a user-role mapping;
defining the permissions of each role based on working mode, and generating a mapping among roles, working modes and permissions.
Preferably, the working modes comprise an automatic mode and a manual mode.
Preferably, the method further comprises:
managing the working modes, where the management comprises creating a new working mode, deleting a working mode and editing a working mode;
and/or managing the mapping among roles, working modes and permissions.
According to another embodiment, the invention also discloses a method for controlling user permissions, comprising:
obtaining the defined role of the current user;
obtaining the current working mode;
obtaining, according to the role, the permissions of the role in the current working mode, where a role's permissions based on a working mode are the permissions that the role can exercise in that working mode;
opening the obtained permissions to the current user.
Preferably, the step of opening the obtained permissions to the current user consists of displaying the obtained permissions in an operable state.
Preferably, the method further comprises: displaying the role's permissions for working modes other than the current one in an inoperable state.
Preferably, the working modes comprise multiple switchable working modes, and the method further comprises:
when a working mode switching request is received from the current user, performing the corresponding working mode switch if the conditions of the switching request are satisfied.
Preferably, the working modes comprise an automatic mode and a manual mode.
According to another embodiment, the invention also discloses a device for assigning user permissions, comprising:
a user-role mapping module, configured to define the roles of users and generate a user-role mapping;
a role-mode-permission mapping module, configured to define the permissions of each role based on working mode and generate a mapping among roles, working modes and permissions.
Preferably, the working modes comprise multiple switchable working modes.
Preferably, the working modes comprise an automatic mode and a manual mode.
Preferably, the device further comprises:
a working mode management module, configured to manage the working modes, where the management comprises creating a new working mode, deleting a working mode and editing a working mode;
and/or a mapping management module, configured to manage the mapping among roles, working modes and permissions.
According to another embodiment, the invention also discloses a device for controlling user permissions, comprising:
a role acquisition module, configured to obtain the defined role of the current user;
a working mode acquisition module, configured to obtain the current working mode;
a permission acquisition module, configured to obtain, according to the role, the permissions of the role in the current working mode, where a role's permissions based on a working mode are the permissions that the role can exercise in that working mode; and
a permission opening module, configured to open the obtained permissions to the current user.
Preferably, the permission opening module is specifically configured to display the obtained permissions in an operable state.
Preferably, the permission opening module is also configured to display the role's permissions for working modes other than the current one in an inoperable state.
Preferably, the working modes comprise multiple switchable working modes, and the device further comprises:
a mode switching module, configured to perform the corresponding working mode switch when a working mode switching request is received from the user and the conditions of the switching request are satisfied.
Preferably, the working modes comprise an automatic mode and a manual mode.
Compared with the prior art, the present invention has the following advantages:
The present invention defines working modes when assigning user permissions and generates a mapping from role + working mode to permissions. In technical fields such as production control, operations that belong to different working modes can interfere with one another. In the present invention a user's permissions are determined jointly by the user's role and the working mode, so the same user has different permissions in different working modes. Interference between the operations corresponding to those permissions can therefore be avoided, which improves the security of production.
Moreover, the present invention can display the user's permissions in an operable state; further, it can display permissions that are not the current user's in an inoperable state. The operable state can be a set of operable buttons displayed as clickable; the inoperable state can be a set of buttons that cannot be operated, displayed as non-clickable. In this way, although the user can see the permissions that are not currently the user's own, the user cannot operate them, which reduces the probability of user misoperation and further increases the security of the work.
Description of drawings
Fig. 1 is the flowchart of a prior-art user permission control method based on the RBAC model;
Fig. 2 is the user permission assignment scheme of typical prior-art semiconductor equipment control software;
Fig. 3 is the flowchart of an embodiment of the user permission assignment method of the present invention;
Fig. 4 is an example of a user permission assignment scheme of the present invention;
Fig. 5 is the structural diagram of an embodiment of the user permission assignment device of the present invention;
Fig. 6 is the flowchart of an embodiment of the user permission control method of the present invention;
Fig. 7 is an example flow of a user logging in to the system according to the present invention;
Fig. 8 is an example flow of a user switching the working mode according to the present invention;
Fig. 9 is the structural diagram of an embodiment of the user permission control device of the present invention.
Detailed description
To make the above objects, features and advantages of the present invention clearer and easier to understand, the invention is described in further detail below with reference to the drawings and specific embodiments.
The present invention can be used in numerous general-purpose or special-purpose computing device environments or configurations, for example: personal computers, server computers, handheld or portable devices, tablet devices, multiprocessor devices, distributed computing environments that include any of the above devices, and so on.
The present invention can be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. The invention can also be practised in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules can be located in both local and remote computer storage media, including storage devices.
In the prior art, one role can have several permissions, which leads to mutual interference between the operations corresponding to those permissions. Under such a permission assignment scheme, because the machine can be in different working modes (the working modes of existing machines mainly comprise an automatic mode and a manual mode), a user who ignores the machine's current working mode when operating it creates a potential safety hazard.
The mutually interfering operations described above belong to different working modes. Having noticed this, the inventor proposes one of the core ideas of the present invention: the user's permissions are determined jointly by the user's role and the working mode the machine is currently in, so that the same user has different permissions in different working modes. Interference between the operations corresponding to those permissions can thus be avoided, which improves the security of production.
Fig. 3 shows the flowchart of an embodiment of the user permission assignment method of the present invention, which can comprise:
Step 301: define the roles of users and generate a user-role mapping;
The present invention can be applied to any technical field that has working modes and in which different operations are possible in different working modes, such as production control, office automation (OA), business control and service control. For simplicity, the specific embodiments all use semiconductor manufacturing in the production control field as the application environment. This should not be taken as a limitation on the application of the invention; in fact, the invention can be applied to the automatic control of various other complex processes, for example the production process of large-scale chemical products.
This step binds users to roles: it assigns a role to each user and records the mapping between users and roles.
Suppose the user information is as shown in Table 1:
Table 1
User information
Zhang San
Li Si
Wang Wu
Zhao Liu
The role information is as shown in Table 2:
Table 2
Role information
Production personnel
Process engineer
Electrical engineer
User administrator
Table 3 shows one example of defining the roles of the users and generating the user-role mapping:
Table 3
User | Role
Zhang San | Production personnel
Li Si | Process engineer
Wang Wu | Electrical engineer
Zhao Liu | User administrator
Fig. 4 shows an example of a user permission assignment scheme of the present invention. Part 401 is another example of the user-role mapping, showing a many-to-one relationship between users and roles: for example, user 1 and user 2 are both members of role 1, user 3 is a member of role 2, user 4 is a member of role 3, and so on.
It will be appreciated that the relationship between users and roles in the present invention is not restricted to many-to-one; it can also be many-to-many, one-to-one and so on. Those skilled in the art can define the roles of the users and generate the user-role mapping according to actual needs, and the present invention places no limit on this.
In practice, basic information such as the user's account and password, together with the role defined for the user, can be stored in the user-role mapping. Preferably, therefore, the user-role mapping comprises a username field, a password field and a role field, for example as in Table 4:
Table 4
Account | Password | Role
Zhang San | ****** | Production personnel
Li Si | ****** | Process engineer
Wang Wu | ****** | Electrical engineer
Zhao Liu | ****** | User administrator
Step 302: define the permissions of each role based on working mode, and generate a mapping among roles, working modes and permissions.
In embodiments of the present invention, the working modes can comprise multiple switchable working modes.
By definition, a permission can be expressed as a logical expression: whether the statement "Who performs the How operation on What" is true. Here, Who is the owner or subject of the permission (User, Role, etc.); What is the object or resource that the permission targets (Resource, etc.); How is the specific permission (Privilege).
For example, in semiconductor manufacturing the object that a permission targets is usually the machine, so a role's permissions based on a working mode can be understood as the permissions that the role can exercise on the machine in that working mode. Two working modes can then be defined according to the process equipment in use: automatic mode and manual mode. Automatic mode means the machine is in a state of fully automatic production. In this state operators are not allowed to operate the machine's components (for example raising pins, lowering pins, opening valves or closing valves) and may only issue operations related to automatic production, such as starting or stopping automatic production. In manual mode, continuous automatic production cannot be carried out, and operators can only perform equipment maintenance work, such as purging the chamber with nitrogen.
When the machine satisfies the switching conditions, the present invention can switch the working mode to satisfy the user's switching request. For example, when the invention is applied to user permission assignment software, suppose the default state after the software starts is manual mode. A user who wants to switch to automatic mode must first, through a series of simple machine operations, put the machine into a state in which continuous production is possible, so that the machine satisfies the conditions for switching to automatic mode. The user can then switch the machine's working mode from manual mode to automatic mode through the operating software. As an application example in semiconductor manufacturing, the conditions for switching to automatic mode can comprise:
A. no action is being executed on the machine, and all machine operation flows are in the completed state;
B. the machine has reached a state that satisfies automatic production;
C. there are no unhandled alarms on the machine.
As another example, after using automatic mode for some continuous production, the user may need to maintain the machine, that is, to switch to manual mode. The machine must then also be checked to see whether it satisfies the conditions for switching to manual mode, after which the working mode of the machine is switched to manual mode through the operating software. In semiconductor manufacturing, for example, the switch to manual mode is possible only when automatic production has completed and there is currently no automatic production task.
The switching conditions can be evaluated by the software or by the user, to meet users' constantly changing switching needs; the present invention does not limit the specific switching conditions, who evaluates them, or the operations performed.
In the prior art, for a "production engineer", both the automatic production operation and the operation of closing the molecular pump are normal permissions. But closing the molecular pump interferes with automatic production, which both affects normal automatic production and introduces a potential safety hazard.
In the course of research, the inventor found that mutual interference arises only between operations that belong to different working modes; operations within the same working mode do not interfere with one another. For example, starting and stopping automatic production both belong to automatic mode, and opening and closing the molecular pump both belong to manual mode; only operations that cross working modes can interfere with one another.
Therefore, the present invention binds role + working mode to permissions and records the mapping from role + working mode to permissions.
Table 5 shows an example of the mapping from role + working mode to permissions in the present invention:
Table 5
Role + working mode | Permissions
Electrical engineer + automatic mode | Start and stop automatic production
Electrical engineer + manual mode | Open and close the molecular pump
In this way, in automatic mode the present invention does not assign the electrical engineer the permission to operate the molecular pump, so interference between the operations corresponding to the permissions can be avoided, which improves the security of production.
Part 402 of Fig. 4 shows another example of the mapping from role + working mode to permissions in the present invention. Here the working modes comprise mode 1 and mode 2, the roles comprise role 1, role 2 and role 3, and the permissions comprise permission 1, permission 2, ..., permission 8 and permission 9. The corresponding mapping from role + working mode to permissions is shown in Table 6:
Table 6
Role + working mode | Permissions
Role 1 + mode 1 | Permission 1, permission 2
Role 1 + mode 2 | Permission 3, permission 4
Role 2 + mode 1 | Permission 4, permission 5
Role 2 + mode 2 | Permission 6, permission 7
Role 3 + mode 1 | Permission 7
Role 3 + mode 2 | Permission 8, permission 9
It will be appreciated that the present invention allows a user with administration permissions (such as the user administrator) to manage the assignment of user permissions. The management can comprise:
1. Managing users, such as creating a new user, deleting a user, editing a user, and modifying the role a user belongs to;
2. Managing roles, such as creating a new role, deleting a role, and editing a role;
3. Managing working modes, such as creating a new working mode, deleting a working mode, and editing a working mode;
For example, only two working modes have been defined for the process equipment currently used in semiconductor manufacturing, but as requirements grow and change, further kinds of working mode can be added, or existing working modes deleted. The number of working modes in the present invention is therefore not limited to two; there can also be three, four and so on.
4. Managing permissions, such as creating a new permission, deleting a permission, and editing a permission;
5. Managing the mapping from role + working mode to permissions, such as modifying the permissions that a role + working mode has.
In summary, the present invention allows user permissions to be assigned and managed flexibly, which makes the assignment more extensible.
Corresponding to the foregoing embodiment of the user permission assignment method, the invention also discloses a device for assigning user permissions which, with reference to Fig. 5, can comprise:
a user-role mapping module 501, configured to define the roles of users and generate a user-role mapping;
a role-mode-permission mapping module 502, configured to define the permissions of each role based on working mode and generate a mapping among roles, working modes and permissions.
In practical applications, the working modes can comprise multiple switchable working modes; for example, the working modes can comprise an automatic mode and a manual mode.
In a preferred embodiment of the present invention, the user permission assignment device can further comprise:
a working mode management module, configured to manage the working modes, where the management comprises creating a new working mode, deleting a working mode, editing a working mode and so on;
and/or a mapping management module, configured to manage the mapping among roles, working modes and permissions.
Because the embodiment of the user permission assignment device is essentially similar to the embodiment of the user permission assignment method shown in Fig. 3, it is described only briefly; for related details, refer to the description of the method embodiment.
Fig. 6 shows the flowchart of an embodiment of the user permission control method of the present invention, which can comprise:
Step 601: obtain the defined role of the current user;
In practice, the user-role mapping can be preset with reference to the user permission assignment method shown in Fig. 3, and the role of the current user is then obtained from the preset user-role mapping.
Step 602: obtain the current working mode;
Because a role's permissions based on a working mode are the permissions that the role can exercise on the object in that working mode, obtaining the role's permissions based on working mode requires first obtaining the working mode the object is in. In semiconductor manufacturing, for example, this is the current working mode of the machine, which can be any of the defined working modes, such as automatic mode.
Step 603: according to the role, obtain the permissions of the role in the current working mode, where a role's permissions based on a working mode are the permissions that the role can exercise in that working mode;
For example, the mapping among roles, working modes and permissions can be preset with reference to the user permission assignment method shown in Fig. 3, and the role's permissions in the current working mode are then obtained from that mapping. In semiconductor manufacturing, for example, a role's permissions based on a working mode can be understood as the permissions that the role can exercise on the machine in that working mode.
Step 604: open the obtained permissions to the current user.
In a specific implementation, step 604 can display the obtained permissions in an operable state; further, it can display the role's permissions for working modes other than the current one in an inoperable state. The operable state can be a set of operable buttons displayed as clickable; the inoperable state can be a set of buttons that cannot be operated, displayed as non-clickable. In this way, although the user can see the permissions for working modes other than the current one, the user cannot operate them, which reduces the probability of user misoperation and increases the security of the work.
To help those skilled in the art understand the present invention better, Fig. 7 shows the flow of a user logging in to the system in one application example of the invention, which can comprise:
Step 701: start the software;
Step 702: the system asks the user to enter a username and password;
Step 703: determine whether the user passes verification; if so, go to step 704; otherwise, return to step 702;
Step 704: authenticate the user;
Step 705: obtain the defined role of the current user;
Step 706: obtain the current working mode;
Step 707: according to the role, obtain the permissions of the role in the current working mode;
Step 708: open the obtained permissions to the current user;
Step 709: end.
After the user logs in, permissions that can be exercised are displayed in an operable state and permissions that cannot be exercised are displayed in a non-clickable state, so in addition to its security advantage the present invention is also convenient to operate and easy to use.
In a preferred embodiment of the present invention, the working modes can comprise multiple switchable working modes, and the method can further comprise:
when a working mode switching request is received from the user, performing the corresponding working mode switch if the conditions of the switching request are satisfied.
For example, the working modes can comprise an automatic mode and a manual mode. In addition, the switching conditions can be evaluated by the software or by the user, to meet users' constantly changing switching needs; the present invention does not limit the specific switching conditions, who evaluates them, or the operations performed.
With reference to Fig. 8, a flowchart of a user switching the working mode according to the present invention is shown, which may specifically comprise:
Step 801: start;
Step 802: receive the user's working mode switch request;
Step 803: determine whether the switching condition is satisfied; if so, go to step 804; otherwise, go to step 809;
Step 804: switch the working mode;
Step 805: obtain the role to which the current user belongs;
Step 806: obtain the current working mode;
Step 807: according to said role, obtain the permissions of said role based on the current working mode;
Step 808: according to said role, obtain the permissions of said role based on the current working mode;
Step 809: end.
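The login flow of Fig. 7 and the mode switch flow of Fig. 8 can be sketched as follows. This is an added example, not code from the patent: the user, role, mode and permission names are constructed sample data, the switching condition is passed in as a hypothetical callable because the text leaves it open, and `authorize` is an added per-action check alongside the display state.

```python
from dataclasses import dataclass, field

# Constructed sample data (user, role, mode and permission names are assumptions).
USER_ROLES = {"alice": "operator", "bob": "engineer"}
ROLE_MODE_PERMS = {
    ("operator", "automatic"): {"start_job", "view_status"},
    ("operator", "manual"): {"view_status"},
    ("engineer", "automatic"): {"view_status", "edit_recipe"},
    ("engineer", "manual"): {"view_status", "edit_recipe", "move_robot"},
}
MODES = {"automatic", "manual"}


@dataclass
class Session:
    user: str
    role: str
    mode: str
    granted: frozenset = field(default_factory=frozenset)


def permissions_for(role, mode):
    """Steps 707/807: look up role + current mode; unknown pairs get nothing."""
    return frozenset(ROLE_MODE_PERMS.get((role, mode), ()))


def login(user, mode):
    """Steps 705-708, run only after the credential check has succeeded."""
    role = USER_ROLES[user]  # KeyError: no role defined, so no session
    return Session(user, role, mode, permissions_for(role, mode))


def switch_mode(session, new_mode, condition_met):
    """Steps 802-808: switch only if the condition holds, then recompute."""
    if new_mode not in MODES or not condition_met(session, new_mode):
        return False  # step 803 "no" branch: mode and grants stay unchanged
    session.mode = new_mode
    session.granted = permissions_for(session.role, new_mode)
    return True


def ui_state(session):
    """True = operable (current mode); False = the role's other-mode permissions."""
    all_for_role = set().union(
        *(p for (r, _), p in ROLE_MODE_PERMS.items() if r == session.role))
    return {p: p in session.granted for p in sorted(all_for_role)}


def authorize(session, permission):
    """Checked on every action; a greyed-out control alone is not enforcement."""
    return permission in session.granted
```

Because the grant set is recomputed from the role and the new mode on every successful switch, a permission held only in the previous mode stops being authorized as soon as the mode changes.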
For the user permission control method embodiment, because its user-role mapping and its mapping from role plus working mode to permissions are basically similar to those of the user permission assignment method embodiment shown in Fig. 3, the description is relatively brief; for related details, refer to the corresponding parts of the description of the user permission assignment method embodiment.
Corresponding to the aforementioned user permission control method embodiment, the present invention also discloses a user permission control device which, with reference to Fig. 9, may specifically comprise:
Role acquisition module 901, configured to obtain the defined role of the current user;
Working mode acquisition module 902, configured to obtain the current working mode;
Permission acquisition module 903, configured to obtain, according to said role, the permissions of said role based on the current working mode; the permissions of said role based on a working mode are the permissions that the role can exercise in that working mode; and
Permission opening module 904, configured to open the obtained permissions to the current user.
Preferably, said permission opening module 904 may specifically be configured to display the obtained permissions in an operable state.
More preferably, said permission opening module 904 may also be configured to display the permissions of said role based on working modes other than the current one in an inoperable state.
In a preferred embodiment of the present invention, said working mode may comprise multiple switchable working modes, and said device may further comprise:
Mode switch module, configured to, when a working mode switch request from the user is received, perform the corresponding working mode switch if the condition of said working mode switch request is satisfied.
Preferably, said working mode may comprise an automatic mode and a manual mode.
Each embodiment in this specification is described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for identical or similar parts the embodiments may be referred to one another.
The user permission assignment method and device and the user permission control method and device provided by the present invention have been described in detail above. Specific examples are used herein to explain the principle and embodiments of the present invention, and the description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. At the same time, for a person of ordinary skill in the art, changes may be made to the specific embodiments and the scope of application in accordance with the idea of the present invention. In summary, the content of this description should not be construed as limiting the present invention.

Claims (16)

1. A user permission assignment method, characterized by comprising:
Defining a user's role and generating a user-role mapping;
Defining the role's permissions based on working mode and generating a mapping among role, working mode and permission.
2. The method according to claim 1, characterized in that said working mode comprises an automatic mode and a manual mode.
3. The method according to any one of claims 1 to 2, characterized by further comprising:
Managing said working mode, wherein said managing comprises creating a new working mode, deleting a working mode and editing a working mode;
And/or managing the mapping among role, working mode and permission.
4. A user permission control method, characterized by comprising:
Obtaining the defined role of the current user;
Obtaining the current working mode;
According to said role, obtaining the permissions of said role based on the current working mode; the permissions of said role based on a working mode are the permissions that the role can exercise in that working mode;
Opening the obtained permissions to the current user.
5. The method according to claim 4, characterized in that said step of opening the obtained permissions to the current user is: displaying the obtained permissions in an operable state.
6. The method according to claim 5, characterized by further comprising: displaying the permissions of said role based on working modes other than the current one in an inoperable state.
7. The method according to any one of claims 4 to 6, characterized in that said working mode comprises multiple switchable working modes, and said method further comprises:
When a working mode switch request from the current user is received, if the condition of said working mode switch request is satisfied, performing the corresponding working mode switch.
8. The method according to claim 7, characterized in that said working mode comprises an automatic mode and a manual mode.
9. A user permission assignment device, characterized by comprising:
A user-role mapping module, configured to define a user's role and generate a user-role mapping;
A role-mode-permission mapping module, configured to define the role's permissions based on working mode and generate a mapping among role, working mode and permission.
10. The device according to claim 9, characterized in that said working mode comprises an automatic mode and a manual mode.
11. The device according to claim 9 or 10, characterized by further comprising:
A working mode management module, configured to manage said working mode, wherein said managing comprises creating a new working mode, deleting a mode and editing a mode;
And/or a mapping management module, configured to manage the mapping among role, working mode and permission.
12. A user permission control device, characterized by comprising:
A role acquisition module, configured to obtain the defined role of the current user;
A working mode acquisition module, configured to obtain the current working mode;
A permission acquisition module, configured to obtain, according to said role, the permissions of said role based on the current working mode; the permissions of said role based on a working mode are the permissions that the role can exercise in that working mode; and
A permission opening module, configured to open the obtained permissions to the current user.
13. The device according to claim 12, characterized in that said permission opening module is specifically configured to display the obtained permissions in an operable state.
14. The device according to claim 13, characterized in that said permission opening module is further configured to display the permissions of said role based on working modes other than the current one in an inoperable state.
15. The device according to any one of claims 12 to 14, characterized in that said working mode comprises multiple switchable working modes, and said device further comprises:
A mode switch module, configured to, when a working mode switch request from the user is received, perform the corresponding working mode switch if the condition of said working mode switch request is satisfied.
16. The device according to claim 15, characterized in that said working mode comprises an automatic mode and a manual mode.
CN2010105292898A 2010-10-28 2010-10-28 Method and device for assigning user right, and method and device for controlling user right Pending CN102456106A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010105292898A CN102456106A (en) 2010-10-28 2010-10-28 Method and device for assigning user right, and method and device for controlling user right

Publications (1)

Publication Number Publication Date
CN102456106A true CN102456106A (en) 2012-05-16

Family

ID=46039287

Country Status (1)

Country Link
CN (1) CN102456106A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020026592A1 (en) * 2000-06-16 2002-02-28 Vdg, Inc. Method for automatic permission management in role-based access control systems
CN101478536A (en) * 2008-12-08 2009-07-08 山东浪潮齐鲁软件产业股份有限公司 Method for solving access control in authority management

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
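Fu Songling et al.: "A distributed workflow security model based on tasks and roles", Journal of National University of Defense Technology *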

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103514412A (en) * 2012-06-26 2014-01-15 华为技术有限公司 Method and cloud server for establishing role-based access control system
CN104899485A (en) * 2015-07-02 2015-09-09 三星电子(中国)研发中心 User management method and device
WO2018224023A1 (en) * 2017-06-08 2018-12-13 成都牵牛草信息技术有限公司 Method for displaying permission after employee logs into account thereof in system
CN113486312A (en) * 2021-05-08 2021-10-08 北京易成时代科技有限公司 Access control design method based on mode
CN113486312B (en) * 2021-05-08 2023-08-18 北京易成时代科技有限公司 Access control design method based on mode

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20120516