CN105141576A - Authorization management system and authorization method - Google Patents


Publication number
CN105141576A
Authority
CN
China
Prior art keywords
data
module
processing module
data processing
account
Legal status
Pending
Application number
CN201510382818.9A
Other languages
Chinese (zh)
Inventor
苗青
Current Assignee
Guangzhou Zhidian Network Technology Co Ltd
Original Assignee
Guangzhou Zhidian Network Technology Co Ltd
Application filed by Guangzhou Zhidian Network Technology Co Ltd
Priority to CN201510382818.9A
Publication of CN105141576A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892: Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an authorization management system and an authorization method. The authorization management system comprises an interface module, a data processing module, a data caching module and a data storage module. The interface module receives a data request from a client and sends the data request to the data processing module. The data processing module generates a corresponding execution instruction according to the received data request and sends the execution instruction to the data caching module or the data storage module. The data caching module caches the authorization relation data held in the data storage module. The data storage module stores the authorization relation data and processes the stored authorization relation data according to the execution instruction sent by the data processing module. The invention realizes multi-level, multi-user authorization management in an enterprise application system and guarantees that the authorization process proceeds strictly from a higher level to a lower level.

Description

An authorization management system and authorization method
Technical field
The present invention relates to an authorization management system and an authorization method applied in enterprise management systems.
Background
The rapid development of Internet and mobile Internet technology has given many traditional applications new meaning and has opened new, more efficient ways of solving many problems. The inherent problems of traditional enterprise OA systems are leading more and more enterprises to try social networking (SNS) technologies in order to make enterprise operation and management more convenient, more efficient and a better experience. For example, in an enterprise social application each member of the enterprise has a different account, and inherent attributes such as the enterprise's organizational structure and members' titles and ranks should give each member a different set of operable functions. The system should reflect that different personnel do different work, i.e. each member has only the set of operable functions relevant to their work. A solution is therefore needed that implements authorization management and access control for the various roles.
Summary of the invention
To overcome the deficiencies of the prior art, the object of the present invention is to provide an authorization management system and an authorization method that realize multi-level, multi-user authorization management in an enterprise application system and guarantee that the authorization process proceeds strictly from superior to subordinate.
To solve the above problem, the technical solution adopted by the present invention is as follows:
Scheme one:
An authorization management system, comprising: an interface module, a data processing module, a data caching module and a data storage module;
The interface module is used for receiving a data request from a client and sending the data request to the data processing module, and, when it receives a result sent by the data processing module, for packaging the result and sending it to the corresponding client;
The data processing module generates a corresponding execution instruction according to the received data request and sends the execution instruction to the data caching module or the data storage module, and, when it receives the result returned by the data caching module or the data storage module, sends the result to the interface module;
The data caching module is used for caching the authorization relation data in the data storage module, looks up its own cached authorization relation data according to the execution instruction sent by the data processing module, and returns the result to the data processing module;
The data storage module is used for storing the authorization relation data, processes the authorization relation data it stores according to the execution instruction sent by the data processing module, and returns the result to the data processing module.
Preferably, the interface module also receives data requests in JSON data format and checks the format of each data request; if the format is correct, the request is sent to the data processing module, otherwise an error-request prompt is returned.
Preferably, the execution instructions generated by the data processing module include a data add instruction, a data delete instruction, a data modify instruction and a data lookup instruction.
Preferably, the data caching module receives only data lookup instructions; after the data processing module has sent a data add, data delete or data modify instruction to the data storage module and received the result, it sends an update instruction to the data caching module so that the data caching module synchronizes its data with the data storage module.
Scheme two:
An authorization method, characterized in that it is applied to the authorization management system described in scheme one and comprises the steps of setting the highest-level director account:
S1: when the highest-level director account logs in for the first time, the interface module receives the data request to activate the highest-level director account, sent by the highest-level director account through the client, and sends this data request to the data processing module;
S2: the data processing module generates the execution instruction for activating the highest-level director account and sends this execution instruction to the data storage module;
S3: the data storage module associates all authorizable modules with this highest-level director account according to this execution instruction.
Preferably, the method also comprises downward authorization steps:
S4: the interface module receives the data request to authorize a corresponding account, sent by the current user account through the client, and sends this data request to the data processing module;
S5: the data processing module looks up in the data storage module whether the modules to be authorized in the data request are contained in the authorizable modules associated with the current user account; if so, it sends the execution instruction for authorizing the corresponding account to the data processing module and step S6 is performed; if not, a cannot-authorize prompt is returned;
S6: the data storage module associates the modules to be authorized with the corresponding account according to this execution instruction.
Compared with the prior art, the beneficial effects of the present invention are: 1. Multi-level, multi-user authorization management in an enterprise application system is realized; authorizing downward level by level simplifies the authorization process while keeping it rigorous, and the grantor controls the authority of the grantee. 2. The data caching module in the authorization management system lets the system respond quickly when a user sends it a request, which improves execution efficiency.
Brief description of the drawings
Fig. 1 is a structural diagram of the authorization management system of the present invention.
Fig. 2 is a flowchart of the steps for setting the highest-level director account in the authorization method of the present invention.
Fig. 3 is a flowchart of the downward authorization steps of the authorization method of the present invention.
Detailed description
The present invention is described further below with reference to the drawings and an embodiment:
In enterprise application software, the various functional modules related to enterprise operation and management all need to be managed. Each member of the enterprise should have a suitable set of authorized functional modules. For example, a member of the sales department should have the right to operate on data such as orders, but should not have operating rights over financial statements. To manage the authorization of enterprise members, the job duties of the enterprise's departments and personnel are analyzed and the full set of functions relevant to the enterprise is divided into multiple subsets. All authorization assignment proceeds from top to bottom, step by step from the company manager: starting from the highest-level director of the enterprise, function subsets are progressively split and authorized to subordinates, which ensures that every authorization is formal and rigorous. Authorizing is the process of partitioning functional module subsets (every functional module subset is stored); authorization management is the process of managing and operating on the different module subsets. Once the functional module subsets have been divided, the authorization management system can use them to give different members of the enterprise different scopes of functional operation.
With reference to Fig. 1, the authorization management system of the present invention comprises an interface module, a data processing module, a data caching module and a data storage module. The interface module receives a data request from a client and sends the data request to the data processing module; when it receives a result sent by the data processing module, it packages the result and sends it to the corresponding client. The data processing module generates a corresponding execution instruction according to the received data request and sends this execution instruction to the data caching module or the data storage module; when it receives the result returned by the data caching module or the data storage module, it sends the result to the interface module. The data caching module caches the authorization relation data in the data storage module, looks up its own cached authorization relation data according to the execution instruction sent by the data processing module, and returns the result to the data processing module. The data storage module stores the authorization relation data, processes the authorization relation data it stores according to the execution instruction sent by the data processing module, and returns the result to the data processing module.
The interface module comprises a user interface module and an external module calling interface module. The user interface module mainly connects to the clients that users use, and the external module calling interface module connects to the modules in the enterprise system that need to interface with this authorization management system. The interface module receives and sends all data in JSON data format. When it receives a data request it checks that the data format is correct; if the format is correct, the request is sent to the data processing module, otherwise an error-request prompt is returned. The data caching module caches the authorization relation data in the data storage module, which shortens data processing time and improves response speed. The data storage module is built on a mature database, so authorization relation data can be stored securely and stably. The execution instructions generated by the data processing module include a data add instruction, a data delete instruction, a data modify instruction and a data lookup instruction. After the data processing module has sent a data add, data delete or data modify instruction to the data storage module and received the result, it sends an update instruction to the data caching module so that the data caching module synchronizes its data with the data storage module. For example, when a functional module is authorized to an account in the data storage module, i.e. an association is added between the account and the functional module, then once the association succeeds the data caching module executes the update instruction and synchronizes with the data in the data storage module.
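The request path described above, as an added example that is not part of the patent text: the interface module checks the JSON format, lookups are answered from the cache, writes go to the store, and an update instruction follows every write so a deleted association is not served from a stale cache entry. The JSON field names (`op`, `account`, `module`), the fill-on-miss behaviour and the omission of the modify instruction are assumptions of this sketch.

```python
import json

OPS = ("add", "delete", "lookup")  # "modify" omitted to keep the example short


class DataStorageModule:
    """Authoritative authorization relations: account -> set of functional modules."""

    def __init__(self):
        self.relations = {}

    def execute(self, op, account, module=None):
        modules = self.relations.setdefault(account, set())
        if op == "add":
            modules.add(module)
        elif op == "delete":
            modules.discard(module)
        return sorted(modules)


class DataCachingModule:
    """Copy of the stored relations; accepts lookup and update instructions only."""

    def __init__(self):
        self.copy = {}

    def lookup(self, account):
        return self.copy.get(account)  # None means "not cached"

    def update(self, account, modules):
        self.copy[account] = list(modules)


class DataProcessingModule:
    def __init__(self, storage, cache):
        self.storage, self.cache = storage, cache

    def handle(self, req):
        op, account = req["op"], req["account"]
        if op == "lookup":
            cached = self.cache.lookup(account)
            if cached is not None:
                return {"ok": True, "modules": cached, "source": "cache"}
            # Assumption: on a cache miss, read the store and fill the cache.
            modules = self.storage.execute("lookup", account)
        else:
            # Writes go to the store only; the cache never receives them.
            modules = self.storage.execute(op, account, req["module"])
        # Update instruction: keeps the cache from serving a deleted association.
        self.cache.update(account, modules)
        return {"ok": True, "modules": modules, "source": "storage"}


def interface_module(raw, processor):
    """Check the JSON request format, then forward it or return an error prompt."""
    try:
        req = json.loads(raw)
    except json.JSONDecodeError:
        req = None
    ok = (
        isinstance(req, dict)
        and req.get("op") in OPS
        and isinstance(req.get("account"), str) and req["account"] != ""
        and (req["op"] == "lookup" or isinstance(req.get("module"), str))
    )
    if not ok:
        return json.dumps({"ok": False, "error": "bad request"})
    return json.dumps(processor.handle(req))


def demo():
    proc = DataProcessingModule(DataStorageModule(), DataCachingModule())
    requests = [  # constructed sample requests
        '{"op": "add", "account": "alice", "module": "orders"}',
        '{"op": "lookup", "account": "alice"}',
        '{"op": "delete", "account": "alice", "module": "orders"}',
        '{"op": "lookup", "account": "alice"}',
        '{"op": "lookup", "account": ',
    ]
    return [json.loads(interface_module(r, proc)) for r in requests]


if __name__ == "__main__":
    for response in demo():
        print(response)
```

The fourth response is the one to watch: it is served from the cache and already reflects the deletion, because the update instruction ran as part of the write.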
The invention also discloses an authorization method, applied to the above authorization management system, comprising the steps of setting the highest-level director account and the downward authorization steps. When the authorization management system is set up, an administrator account is set up first; this account has the highest authority, and execution authority over all enterprise-related functional modules is controlled by this administrator account. A highest-level director account must also be set up, and its state is initially unactivated.
The steps of setting the highest-level director account comprise:
S1: when the highest-level director account logs in for the first time, the interface module receives the data request to activate the highest-level director account, sent by the highest-level director account through the client, and sends this data request to the data processing module;
S2: the data processing module generates the execution instruction for activating the highest-level director account and sends this execution instruction to the data storage module;
S3: the data storage module associates all authorizable modules with this highest-level director account according to this execution instruction.
Completing steps S1-S3 means the highest-level director account has been successfully activated. This account then has execution authority over all enterprise-related functional modules and can authorize any functional module to other accounts as required, i.e. grant the corresponding authority to subordinates. At the same time, the administrator account no longer has execution authority over all enterprise-related functional modules; it retains only the authority to reset the highest-level director account to the unactivated state.
The downward authorization steps comprise:
S4: the interface module receives the data request to authorize a corresponding account, sent by the current user account through the client, and sends this data request to the data processing module;
S5: the data processing module looks up in the data storage module whether the modules to be authorized in the data request are contained in the authorizable modules associated with the current user account; if so, it sends the execution instruction for authorizing the corresponding account to the data processing module and step S6 is performed; if not, a cannot-authorize prompt is returned;
S6: the data storage module associates the modules to be authorized with the corresponding account according to this execution instruction.
Through steps S4-S6, every account that has authority to manage given functional modules can authorize those functional modules to its subordinates; in this way the different functional modules are assigned to the corresponding accounts level by level. Correspondingly, a functional module that has been authorized to another account can also be reclaimed, i.e. the association between the authorized account and the corresponding functional module is cancelled. Through the authorization management system each account can view the functional modules it has been authorized for, as well as the functional modules it has authorized to other accounts.
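Steps S1-S6 and the reclaim operation, as an added example that is not part of the patent text: activation moves all modules from the administrator to the highest-level director account, and a grant succeeds only when every requested module is in the grantor's own set. The class and method names, the account names, and the rule that only the original grantor may reclaim are assumptions; the sketch does not model who counts as a subordinate.

```python
class AuthorizationStore:
    """Authorization relations: account -> functional modules it holds and may pass down."""

    def __init__(self, all_modules, admin, director):
        self.all_modules = set(all_modules)
        self.admin, self.director = admin, director
        self.activated = False
        # Before activation the administrator account controls every module.
        self.held = {admin: set(all_modules)}
        self.granted_by = {}  # (grantee, module) -> grantor

    def activate_director(self, account):
        """S1-S3: first login of the highest-level director account."""
        if account != self.director or self.activated:
            return False
        self.activated = True
        self.held[self.director] = set(self.all_modules)
        self.held[self.admin] = set()  # administrator loses execution authority
        return True

    def authorize(self, grantor, grantee, modules):
        """S4-S6: grant only if every requested module is held by the grantor."""
        requested = set(modules)
        if not requested or not requested <= self.held.get(grantor, set()):
            return False  # "cannot authorize"; nothing is granted partially
        current = self.held.setdefault(grantee, set())
        for module in requested - current:
            current.add(module)
            self.granted_by[(grantee, module)] = grantor
        return True

    def revoke(self, grantor, grantee, module):
        """Cancel one association. Assumption: only the original grantor may do so."""
        if self.granted_by.get((grantee, module)) != grantor:
            return False
        del self.granted_by[(grantee, module)]
        self.held[grantee].discard(module)
        # The page does not say what happens to grants the grantee already passed
        # down, so they are left in place here; a deployment must decide this.
        return True

    def view(self, account):
        """Modules the account holds, and (grantee, module) pairs it granted."""
        given = sorted(k for k, by in self.granted_by.items() if by == account)
        return sorted(self.held.get(account, ())), given


def demo():
    # Constructed accounts and modules.
    store = AuthorizationStore({"orders", "finance", "hr"}, "admin", "ceo")
    steps = [
        store.activate_director("ceo"),
        store.authorize("ceo", "sales_mgr", ["orders"]),
        store.authorize("sales_mgr", "rep", ["orders"]),
        store.authorize("sales_mgr", "rep", ["orders", "finance"]),  # exceeds grantor
        store.revoke("ceo", "sales_mgr", "orders"),
    ]
    return steps, store


if __name__ == "__main__":
    results, s = demo()
    print(results, s.view("sales_mgr"), s.view("rep"))
```

After the final reclaim, `sales_mgr` holds nothing while `rep` still holds `orders`: cancelling only the direct association leaves downstream grants standing, which is the case a real deployment has to settle explicitly.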
Those skilled in the art can make various other corresponding changes and modifications according to the technical solutions and concepts described above, and all such changes and modifications shall fall within the protection scope of the claims of the present invention.

Claims (6)

1. An authorization management system, characterized in that it comprises: an interface module, a data processing module, a data caching module and a data storage module;
The interface module is used for receiving a data request from a client and sending the data request to the data processing module, and, when it receives a result sent by the data processing module, for packaging the result and sending it to the corresponding client;
The data processing module generates a corresponding execution instruction according to the received data request and sends the execution instruction to the data caching module or the data storage module, and, when it receives the result returned by the data caching module or the data storage module, sends the result to the interface module;
The data caching module is used for caching the authorization relation data in the data storage module, looks up its own cached authorization relation data according to the execution instruction sent by the data processing module, and returns the result to the data processing module;
The data storage module is used for storing the authorization relation data, processes the authorization relation data it stores according to the execution instruction sent by the data processing module, and returns the result to the data processing module.
2. The authorization management system according to claim 1, characterized in that the interface module also receives data requests in JSON data format and checks the format of each data request; if the format is correct, the request is sent to the data processing module, otherwise an error-request prompt is returned.
3. The authorization management system according to claim 1, characterized in that the execution instructions generated by the data processing module include a data add instruction, a data delete instruction, a data modify instruction and a data lookup instruction.
4. The authorization management system according to claim 3, characterized in that the data caching module receives only data lookup instructions; after the data processing module has sent a data add, data delete or data modify instruction to the data storage module and received the result, it sends an update instruction to the data caching module so that the data caching module synchronizes its data with the data storage module.
5. An authorization method, characterized in that it is applied to the authorization management system as described in claims 1-4 and comprises the steps of setting the highest-level director account:
S1: when the highest-level director account logs in for the first time, the interface module receives the data request to activate the highest-level director account, sent by the highest-level director account through the client, and sends this data request to the data processing module;
S2: the data processing module generates the execution instruction for activating the highest-level director account and sends this execution instruction to the data storage module;
S3: the data storage module associates all authorizable modules with this highest-level director account according to this execution instruction.
6. The authorization method according to claim 5, characterized in that it also comprises downward authorization steps:
S4: the interface module receives the data request to authorize a corresponding account, sent by the current user account through the client, and sends this data request to the data processing module;
S5: the data processing module looks up in the data storage module whether the modules to be authorized in the data request are contained in the authorizable modules associated with the current user account; if so, it sends the execution instruction for authorizing the corresponding account to the data processing module and step S6 is performed; if not, a cannot-authorize prompt is returned;
S6: the data storage module associates the modules to be authorized with the corresponding account according to this execution instruction.
CN201510382818.9A 2015-06-30 2015-06-30 Authorization management system and authorization method Pending CN105141576A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510382818.9A CN105141576A (en) 2015-06-30 2015-06-30 Authorization management system and authorization method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510382818.9A CN105141576A (en) 2015-06-30 2015-06-30 Authorization management system and authorization method

Publications (1)

Publication Number Publication Date
CN105141576A true CN105141576A (en) 2015-12-09

Family

ID=54726785

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510382818.9A Pending CN105141576A (en) 2015-06-30 2015-06-30 Authorization management system and authorization method

Country Status (1)

Country Link
CN (1) CN105141576A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Tianhe District Tianyuan road Guangzhou City, Guangdong province 510410 No. 401 Tianyuan Plaza building E1

Applicant after: GUANGZHOU ZHIDIAN NETWORK TECHNOLOGY CO., LTD.

Address before: Tianhe District Tianyuan road Guangzhou City, Guangdong province 510410 No. 401 Tianyuan Plaza building E1

Applicant before: GUANGZHOU ZHIDIAN NETWORK TECHNOLOGY CO., LTD.

COR Change of bibliographic data
RJ01 Rejection of invention patent application after publication

Application publication date: 20151209