Summary of the invention
The purpose of the application is to provide a kind of resource access authority group technology and equipment, is able to solve when user becomesWhen more, need to safeguard the change of user and its change of corresponding permission, the cumbersome and slow problem of inquiry velocity one by one.
According to the one aspect of the application, a kind of resource access authority group technology is provided, this method comprises:
The corresponding relationship of resource and user grouping is established, the user grouping includes at least one user;
Establish the corresponding relationship of the access authority of the user grouping and the resource corresponding to it;
Obtain the quantity of the level of the parent resource and child resource in the resource, wherein the resource includes at least twoChild resource under the parent resource of level and the parent resource;
According to the quantity of the level of the parent resource and child resource, the parent resource and/or child resource and resource are establishedThe corresponding relationship of index value, wherein the parent resource of the quantity of level in same threshold interval and/or child resource with it is sameA resource index value is corresponding.
Further, in the above method, establish the user grouping with its corresponding to resource access authority it is correspondingAfter relationship, further includes:
Obtain the increase and/or removal request of user in the user grouping;
According to the increase and/or removal request, increase and/or delete corresponding user in corresponding user grouping.
Further, in the above method, when resource corresponding to the user grouping and its is parent resource, described in foundationThe corresponding relationship of the access authority of user grouping and the resource corresponding to it, comprising:
Establish the corresponding relationship of the access authority of the user grouping and the parent resource corresponding to it;
Establish the user grouping and its corresponding to parent resource under child resource access authority corresponding relationship.
Further, in the above method, resource of the number of levels in same threshold interval is included into the same resource indexLater, further includes:
Obtain the request for inquiring the access authority of the corresponding user grouping of some child resource;
The parent resource of the child resource to be checked is determined according to the request;
According to resource index value corresponding to the child resource and its parent resource to be checked, the son to be checked is obtainedUser grouping under resource and its parent resource.
Further, in the above method, the user grouping institute obtained under the child resource and its parent resource to be checked is rightAfter the access authority for the resource answered, further includes:
The user grouping and the user grouping under the child resource and its parent resource to be checked are shown with tree structureThe access authority of corresponding resource.
Further, it in the above method, establishes in the corresponding relationship of resource and user grouping,
One user grouping only establishes corresponding relationship with a resource.
Further, in the above method, establish the user grouping with its corresponding to resource access authority it is correspondingIn relationship,
Access authority of one user grouping only with a resource establishes corresponding relationship.
Further, in the above method, establish the user grouping with its corresponding to resource access authority it is correspondingIn relationship,
Each user point when corresponding at least two user grouping of the same resource, at least two user groupingGroup institute the corresponding same resource access authority difference.
Further, in the above method, the user grouping includes at least one user's subgroup, user's subgroupIncluding at least one user.
According to the another side of the application, also by a kind of resource access authority packet equipment, which includes:
Resource and user grouping device, for establishing the corresponding relationship of resource and user grouping, the user grouping includesAt least one user;
User grouping and access authority device, for establishing the access authority of the user grouping and the resource corresponding to itCorresponding relationship;
Index value device, the quantity of the level for obtaining parent resource and child resource in the resource, wherein describedResource includes the child resource at least under the parent resource of two rank and the parent resource;According to the layer of the parent resource and child resourceThe quantity of grade, establishes the corresponding relationship of the parent resource and/or child resource and resource index value, wherein the quantity of level is sameThe parent resource and/or child resource in one threshold interval is corresponding with the same resource index value.
According to the another side of the application, a kind of equipment based on calculating is also provided, comprising:
Processor;And
It is arranged to the memory of storage computer executable instructions, the executable instruction makes the place when executedManage device:
The corresponding relationship of resource and user grouping is established, the user grouping includes at least one user;
Establish the corresponding relationship of the access authority of the user grouping and the resource corresponding to it;
Obtain the quantity of the level of the parent resource and child resource in the resource, wherein the resource includes at least twoChild resource under the parent resource of level and the parent resource;
According to the quantity of the level of the parent resource and child resource, the parent resource and/or child resource and resource are establishedThe corresponding relationship of index value, wherein the parent resource of the quantity of level in same threshold interval and/or child resource with it is sameA resource index value is corresponding.
According to the another side of the application, a kind of computer readable storage medium is also provided, being stored thereon with computer can holdRow instruction, wherein the computer executable instructions make processor when being executed by processor:
The corresponding relationship of resource and user grouping is established, the user grouping includes at least one user;
Establish the corresponding relationship of the access authority of the user grouping and the resource corresponding to it;
Obtain the quantity of the level of the parent resource and child resource in the resource, wherein the resource includes at least twoChild resource under the parent resource of level and the parent resource;
According to the quantity of the level of the parent resource and child resource, the parent resource and/or child resource and resource are establishedThe corresponding relationship of index value, wherein the parent resource of the quantity of level in same threshold interval and/or child resource with it is sameA resource index value is corresponding.
Compared with prior art, the application is by establishing the corresponding relationship of resource, user grouping and access authority three, afterWhen the continuous user in user grouping changes, the corresponding resource of the user and its visit can be realized according to the corresponding relationship of threeIt asks that permission can change automatically, without safeguarding the change of the corresponding resource of user and its permission one by one, simplifies operation, guarantee resourceWith access authority in real time with the change active synchronization of user grouping.
In addition, the present embodiment passes through resource index value, it is possible to reduce to the inquiry times of database, realization is looked into more quicklyThe user grouping under the child resource and its parent resource to be checked is ask, and then inquires the access authority of user grouping.
Specific embodiment
The application is described in further detail with reference to the accompanying drawing.
In a typical configuration of this application, terminal, the equipment of service network and trusted party include one or moreProcessor (CPU), input/output interface, network interface and memory.
Memory may include the non-volatile memory in computer-readable medium, random access memory (RAM) and/orThe forms such as Nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM).Memory is computer-readable mediumExample.
Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any methodOr technology come realize information store.Information can be computer readable instructions, data structure, the module of program or other data.The example of the storage medium of computer includes, but are not limited to phase change memory (PRAM), static random access memory (SRAM), movesState random access memory (DRAM), other kinds of random access memory (RAM), read-only memory (ROM), electric erasableProgrammable read only memory (EEPROM), flash memory or other memory techniques, read-only disc read only memory (CD-ROM) (CD-ROM),Digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape disk storage or other magnetic storage devices orAny other non-transmission medium, can be used for storage can be accessed by a computing device information.As defined in this article, computerReadable medium does not include non-temporary computer readable media (transitory media), such as the data-signal and carrier wave of modulation.
As illustrated in fig. 1 and 2, the application provides a kind of resource access authority group technology, this method comprises:
Step S1, establishes the corresponding relationship of resource and user grouping, and the user grouping includes at least one user;
For example, a user grouping Group can be created, the user grouping can be the set of user, department or group,It include at least one user in the department or group, setting this Group has corresponding relationship to some resource Resource, describedResource may include attendance check card, file or log template etc.;
Specifically, a resource can be indicated with resourceURI, such as resource 1 (Resource_1), the resource 2 of Fig. 2(Resource_2).The specific format of resourceURI: tenant_id:domain:domain_id:*:biz_resource_Path, wherein
Tenant_id: indicating the mark of business side, can generate to each access side and distribute one uniquelytenantId;
Domain: expression represents level-one domain, such as ORG/SPACE/..... belonging to resource
Domain_id: representing the mark in level-one domain belonging to resource, for example, level-one domain belonging to resource is ORG, thenCorresponding domain_id can be orgId;
Biz_resource_path: the absolute path of resource is indicated;
In addition, when business side's setting certain user, department, group have specific access privileges to prescribe a time limit some resource, it can be handleA user grouping Group, while one globally unique groupId of corresponding generation is added in these users, department, group, such as schemes2, user grouping A (GroupA), user grouping B (GroupB), user grouping C (GroupC), user grouping D (GroupD);
Step S2 establishes the corresponding relationship of the access authority of the user grouping and the resource corresponding to it;
Then above step S1 can set this Group and have to the Resource corresponding to it in step s 2Access authority (Policy), the access authority may include determine authority content or permission using rule, as shown in Fig. 2, withFamily, which is grouped A, to be had access authority 1 (policy_1), user grouping B to have access authority 3 (policy_3) to resource 1 resource 1, usesFamily grouping C has access authority 3 (policy_3), user grouping D to have access authority 4 (policy_4) to resource 2 resource 2;
The corresponding relationship for Resource, Group and Policy three that the present embodiment is established specifically can be as shown in Figure 2;
For example, an access authority may include a permission operating point ActionId and be made of the permission operating pointSemi-structured configuration Policy, permission operating point ActionId such as read read, write write or execute execute,
Policy can be shaped like:
Above-mentioned Policy indicates that the permission operating point for reading read, writing write and executing execute be to allow permissionAllow.Wherein, ActionIdContains represents prescribed profile, and Result represents the result Allow/ for meeting prescribed profileDeny;
Step S3 obtains the quantity of the level of the parent resource and child resource in the resource, wherein the resource includes extremelyChild resource under the parent resource and the parent resource of few two rank;
Here, the resource includes the child resource at least under the parent resource of two rank and the parent resource, for example, a resourceIncluding two levels of child resource/A/B/ under parent resource/A/ and its, for another example, a resource includes parent resource/A/ and the son money under itTri- source/A/B/ ,/A/B/C/ levels;
Parent resource refers to upper resource, and child resource refers to lower resource, and parent resource and child resource are an opposite concepts, certainOne parent resource is parent resource for its lower resource, meanwhile, which is child resource for its upper layer;Correspondingly, certainOne child resource is parent resource for its lower resource, meanwhile, which is child resource for its upper layer;
Step S4, according to the quantity of the level of the parent resource and child resource, establish the parent resource and/or child resource withThe corresponding relationship of resource index value, wherein the parent resource of the quantity of level in same threshold interval and/or child resource withThe same resource index value is corresponding;
In the present embodiment, can according to the quantity of the level of the parent resource and child resource, establish the parent resource and/orChild resource and the corresponding relationship of resource index value rule, resource_path indicate resource absolute path, and query_index canTo indicate the index value of resource absolute path, specifically query_index can be made into a point library and divide table key, such as a pair can be definedThe rule that should be related to is as follows:
First threshold section [0,3): if quantity < 3 of the level of the absolute path of 0≤parent resource or child resource, resourceThe index value of absolute path takes the first order path of the absolute path of the parent resource or child resource;
Second threshold section [3,6): if quantity < 6 of the level of the absolute path of 3≤parent resource or child resource, resourceThe index value of absolute path takes the first of the absolute path of the parent resource or child resource to three-level path;
Second threshold section [6,9): if quantity < 9 of the level of the absolute path of 6≤parent resource or child resource, resourceThe index value of absolute path takes the first to six grade of path of the absolute path of the parent resource or child resource;
For example, the user grouping according to the rule of above-mentioned corresponding relationship, under the parent resource and/or child resource(resource_path) as shown in the table with the corresponding relationship of resource index value (query_index):
Table one
Wherein, according to the rule of corresponding relationship in above-mentioned table one, for example,
<1>.resourcePath='/A/B/C/', pathdepth are 3, are taken first to three-level path, query_index='/A/B/C',;
<2>resourcePath='/A/B/C/D/E/F/G/H/', pathdepth are 8, take the first to six grade of path,Query_index='/A/B/C/D/E/F',;
<3>resourcePath='/A/B/C/D/*', pathdepth are 4, are taken first to three-level path, query_Index='/A/B/C';
<4>resourcePath='/A/*', pathdepth are 1, take first order path, query_index='/A'
The parent resource and/or child resource and the corresponding relationship of resource index value rule, can be according to the resource of oneselfThe quantity of maximum level is adjusted, and the quantity of the maximum level of resource is bigger, and each threshold interval of setting is bigger.
Here, the present embodiment is by establishing the corresponding relationship of resource, user grouping and access authority three, it is subsequent to userWhen user in grouping changes, the corresponding resource of the user and its access authority energy can be realized according to the corresponding relationship of threeEnough automatic changes simplify operation, guarantee resource and access right without safeguarding the change of the corresponding resource of user and its permission one by oneLimit in real time with the change active synchronization of user grouping.
In addition, the present embodiment passes through resource index value, it is possible to reduce to the inquiry times of database, realization is looked into more quicklyThe user grouping under the child resource and its parent resource to be checked is ask, and then inquires the access authority of user grouping.
In one embodiment of resource access authority group technology of the application, the user grouping and the money corresponding to it are establishedAfter the corresponding relationship of the access authority in source, further includes:
Obtain the increase and/or removal request of user in the user grouping;
According to the increase and/or removal request, increase and/or delete corresponding user in corresponding user grouping.
Here, using the corresponding relationship of the resource of upper embodiment foundation, user grouping and access authority three, it is subsequent rightWhen user in user grouping increases and/or deletes, can according to the corresponding relationship of three, realize the corresponding resource of the user andIts access authority can change automatically, without safeguarding the change of the corresponding resource of user and its permission one by one, simplify operation.
For example, the user list that can be changed in real time under Group can become in real time when group members change when departmental staff changesUser list under more Group;
For another example, in access control system, some department, which can be set, can enter the gate inhibition of some meeting room, as some userWhen leaving this department, as long as the user is deleted from the department, so that it may accomplish that cancelling this person in real time enters this meeting roomAccess permission.
In one embodiment of resource access authority group technology of the application, when the user grouping and its corresponding to resourceWhen being parent resource, the corresponding relationship of the access authority of the user grouping and the resource corresponding to it is established, comprising:
Establish the corresponding relationship of the access authority of the user grouping and the parent resource corresponding to it;
Establish the user grouping and its corresponding to parent resource under child resource access authority corresponding relationship.
The present embodiment by establish user grouping with its corresponding to parent resource access authority corresponding relationship it is sameWhen, establish the user grouping and its corresponding to parent resource under child resource access authority corresponding relationship, realize fatherResource can possess the access authority of its lower affiliated all child resource, that is, realize parent resource to its lower affiliated all sub- moneyThe succession of the access authority in source.
For example, some department, which can be set, the permission for checking directory A (parent resource), when A mesh in file management systemUnder record when addition subdirectory (child resource), user is the All Files that may have access to subdirectory under department.Meanwhile department is one newly-increasedWhen user, can also accomplish can real time inspection directory A and subdirectory file.
For another example, the access authority of parent resource/A/B/ (resourcePath='/A/B/*') is provided with to some group,User under so this Group possess automatically each child resource under parent resource such as/A/B/C ,/A/B/C1/D1 access authority.
Specifically, if biz_resource_pat='/A', represent user may have access under domain /A father moneySource itself, user can also access/A under all child resources, such as/A/B/ ,/A/B/C/;
If biz_resource_pat='/A/B/', represent user may have access to domain under /A/B parent resource sheetBody, user can also access/A/B under all child resources, such as/A/B/C/ ,/A/B/C/D/;
If biz_resource_pat='/', represent user may have access to domain under/parent resource itself, useFamily can also access/under all child resources, such as/A/ ,/A/B/.
Here, '/' is reserved keyword, biz_resource_pat is classified with '/', so the money of every level-oneCannot include in source identifier '/', obscure to avoid with the reserved keyword.
Since access authority of the parent resource to its lower affiliated all child resource is inherited, so possessing certain in inquiryWhen all users of the access authority of one resource, not only needs to obtain all users for the access authority for possessing the resource, also needAll users for possessing the access authority of all parent resources of the resource are obtained, because possess all parent resources of the resourceAll users of access authority, also possess the access authority of the resource certainly, below by following examples for how to inquireAll users for possessing the permission of a certain resource explain:
In one embodiment of resource access authority group technology of the application, in order to realize that inquiry possesses the access of a certain resourceAll users of permission, establish the user grouping with its corresponding to parent resource under child resource access authority it is corresponding passAfter system, further includes:
Obtain the request for inquiring the access authority of the corresponding user grouping of some child resource;
Based on the parent resources at different levels for requesting to determine the child resource to be checked step by step;
The user grouping under the child resource and its parent resource to be checked of the determination is obtained step by step;
The user grouping got is summarized and duplicate removal.
For example, to inquire which user has access authority, i.e. inquiry bizResourcePath=to catalogue/A/B/C/D/EThe access authority under all group lists under '/A/B/C/D/E ', it is assumed that dividing table key is Domain:DomainId.
Including carrying out following steps:
Inquiry pair/A/B/C/D/E has the group list of access authority;
Inquiry pair/A/B/C/D has the group list of access authority;
Inquiry pair/A/B/C has the group list of access authority;
Inquiry pair/A/B has the group list of access authority;
Inquiry pair/A has the group list of access authority;
Inquiry pair/* has the group list of access authority;
After finding all group, it can be done in memory and once summarize (Merge) and duplicate removal.
In one embodiment of resource access authority group technology of the application, in order to realize that inquiry possesses the access of a certain resourceAll users of permission, establish the user grouping with its corresponding to parent resource under child resource access authority it is corresponding passAfter system, further includes:
Obtain the request for inquiring the access authority of the corresponding user grouping of some child resource;
Based on the request, in all resources under the domain where the child resource to be checked, filter out it is described toThe parent resources at different levels of the child resource of inquiry;
User grouping under the child resource and its parent resource to be checked filtered out described in acquisition.
For example, to inquire which user has access authority to catalogue (child resource)/A/B/C/D/E,
All resource Domain:DomainId are as follows under domain under domain where catalogue (child resource)/A/B/C/D/E:
1./A/B
1./A/BB
2./A1/B1
3./A2/B2
So as to resource Domain all under domain under the domain where catalogue (child resource)/A/B/C/D/E:It is /A/B that catalogue (child resource)/A/B/C/D/E parent resource is matched in DomainId.
In this implementation, resource all under child resource and Domain:DomainId can be deposited inside and compare filtering,And then the user grouping under the child resource and its parent resource to be checked filtered out can be got.
In one embodiment of resource access authority group technology of the application, by resource of the number of levels in same threshold intervalIt is included into after the same resource index, further includes:
Obtain the request for inquiring the access authority of the corresponding user grouping of some child resource;
The parent resource of the child resource to be checked is determined according to the request;
According to resource index value corresponding to the child resource and its parent resource to be checked, the son to be checked is obtainedUser grouping under resource and its parent resource.
For example, when needing all Group under inquiry/A/B/C/D/E, according to the parent resource in upper embodiment table oneAnd/or the corresponding relationship of the user grouping (resource_path) under child resource and resource index value (query_index), onlyIt needs to inquire the data of query_index='/A'&&query_index='/A/B/C', then exists to the data foundIt is further filtered in memory, it is found that database (DB) number of operations can be reduced from original 5 times in the present embodimentTo 2 times, if a Mysql query time needs 7ms, then the response time inquired reduces 21ms (60%).
In one embodiment of resource access authority group technology of the application, the child resource to be checked and his father's money are obtainedAfter the access authority of resource corresponding to user grouping under source, further includes:
The user grouping and the user grouping under the child resource and its parent resource to be checked are shown with tree structureThe access authority of corresponding resource.
Here, needing an O&M backstage that can be used to check problem or examine when realizing a Rights Management SystemThe reason of whether a disconnected user possesses the permission of some resource and possesses this resource access authority.Such as in a Web pageFace, as shown in figure 3, can be by inputting resource path resourceURI and user UID, to inquire whether the user UID has thisThe access authority of resource path, if returning to true/false, directly to indicate that the user id possesses permission to the resource pathWith no permission.But it is not intuitive enough in this way, without pilot process.It is unfavorable for diagnosis and problem investigation.
The present embodiment may include steps of:
Step 1: as shown in figure 3, input resourceURI and user UID;
Step 2: clicking inquiry button
Step 3: output the result is that a tree structure as shown in fig. 4 or 5.And tree structures node is deployable and closesAnd in Fig. 4 or 5, the business that tree structure represents is meant that: user belongs to this session of session id=53506390, while thisSession belongs to the group of group=27001, and this resource is that initialization only has this group accessible, so user can visitAsk this resource, this result has listed this why accessible resource of user in detail.
The present embodiment not only may determine that can some user grouping access some resource, and can pass through tree structureCan list why this accessible resource, specifically a resource can be listed by the telescopic tree structure of dynamic generation benefitUnder all user grouping, the permission decision sharpening that can be abstracted allows developer or client is open-and-shut finds out resourceWhether may have access to, developer and client is facilitated to check and diagnose problem.The present embodiment can specifically be used in such as ACL/RBAC/In the permission systems such as GBAC.
In one embodiment of resource access authority group technology of the application, the corresponding relationship of resource and user grouping is establishedIn,
One user grouping only establishes corresponding relationship with a resource, guarantees that a Group is only capable of ownership oneResource, corresponding resource is obscured when user being avoided to update.
In one embodiment of resource access authority group technology of the application, the user grouping and the money corresponding to it are establishedIn the corresponding relationship of the access authority in source,
Access authority of one user grouping only with a resource establishes corresponding relationship, guarantees that a Group can only be assignedA Policy is given, corresponding Policy obscures when user being avoided to update.
In one embodiment of resource access authority group technology of the application, the user grouping and the money corresponding to it are establishedIn the corresponding relationship of the access authority in source,
Each user point when corresponding at least two user grouping of the same resource, at least two user groupingThe access authority difference of the corresponding same resource of group institute, guarantees that a Resource can have multiple Group, but oneDifferent Group corresponds to unused Policy certainly under a Resource, i.e. possesses same Policy's under a ResourceUser can be concluded the same Group, and Policy occurs mixed when the user of difference Group under same Resource being avoided to updateConfuse.
In one embodiment of resource access authority group technology of the application, the user grouping includes at least one userGrouping, user's subgroup includes at least one user.
Here, as shown in fig. 6, user's subgroup Member is the component units under a user grouping Group, oneUser grouping Group includes one or more user's subgroup Member, and each user's subgroup Member includes at least oneUser Uid, user's subgroup Member may include subgroup type memberType and subgroup mark memberId.
For example having user's subgroup Member under Group is a department (deptId=123), thenMemberType='dept', memberId=' 123 ';For another example, if having user's subgroup Member under Group is oneA group (cid=456), then memberType='conv', memberId='456'.One group is by one or moreMemberId+memberType composition.
Here, the present embodiment can be realized under each user grouping by the way that user's subgroup is arranged under user groupingThe more fine-grained change of user in each user's set is used for example, there are two user's subgroup A1 and A2 under user groupingFamily a is in user's subgroup A1, not in user's subgroup A2, as long as then doing the deletion of user a in user's subgroup A1, does not have toUser's change is done in user's subgroup A2.
According to the another side of the application, a kind of resource access authority packet equipment is also provided, which includes:
Resource and user grouping device, for establishing the corresponding relationship of resource and user grouping, the user grouping includesAt least one user;
User grouping and access authority device, for establishing the access authority of the user grouping and the resource corresponding to itCorresponding relationship;
Index value device, for the corresponding relationship in the access authority for establishing the user grouping and the resource corresponding to itLater, the quantity of the level of the parent resource and child resource in the resource is obtained, wherein the resource includes at least two rankParent resource and the parent resource under child resource;According to the quantity of the level of the parent resource and child resource, described in foundationThe corresponding relationship of parent resource and/or child resource and resource index value, wherein the quantity of level in same threshold interval described inParent resource and/or child resource are corresponding with the same resource index value.
It further include change device in one embodiment of resource access authority packet equipment of the application, for described in the foundationAfter the corresponding relationship of the access authority of user grouping and the resource corresponding to it, the increase of user in the user grouping is obtainedAnd/or removal request;According to the increase and/or removal request, increase and/or delete corresponding use in corresponding user groupingFamily.
In one embodiment of resource access authority packet equipment of the application, user grouping and access authority device, for working asThe user grouping and resource corresponding to it establish the visit of the user grouping and the parent resource corresponding to it when being parent resourceAsk the corresponding relationship of permission;Establish the user grouping with its corresponding to parent resource under child resource access authority it is correspondingRelationship.
It further include inquiry unit in one embodiment of resource access authority packet equipment of the application, for number of levels to existResource in same threshold interval is included into after the same resource index, is obtained and is inquired the corresponding user grouping of some child resourceThe request of access authority;The parent resource of the child resource to be checked is determined according to the request;According to the son to be checkedResource index value corresponding to resource and its parent resource obtains the user point under the child resource and its parent resource to be checkedGroup.
In one embodiment of resource access authority packet equipment of the application, the inquiry unit is also used to tree structureShow the access of resource corresponding to the user grouping and the user grouping under the child resource and its parent resource to be checkedPermission.
In one embodiment of resource access authority packet equipment of the application, the resource and user grouping device, being used for willOne user grouping only establishes corresponding relationship with a resource.
In one embodiment of resource access authority packet equipment of the application, in user grouping and access authority device, it is used forAccess authority by a user grouping only with a resource establishes corresponding relationship.
In one embodiment of resource access authority packet equipment of the application, in user grouping and access authority device, it is used forWhen corresponding at least two user grouping of the same resource, divide each user grouping at least two user groupingThe access authority of the not corresponding same resource is different.
In one embodiment of resource access authority packet equipment of the application, the user grouping includes at least one userGrouping, user's subgroup includes at least one user.
According to the another side of the application, a kind of equipment based on calculating is also provided, comprising:
Processor;And
It is arranged to the memory of storage computer executable instructions, the executable instruction makes the place when executedManage device:
The corresponding relationship of resource and user grouping is established, the user grouping includes at least one user;
Establish the corresponding relationship of the access authority of the user grouping and the resource corresponding to it;
After establishing the corresponding relationship of access authority of the user grouping and the resource corresponding to it, the money is obtainedThe quantity of the level of parent resource and child resource in source, wherein the resource includes at least parent resource of two rank and describedChild resource under parent resource;
According to the quantity of the level of the parent resource and child resource, the parent resource and/or child resource and resource are establishedThe corresponding relationship of index value, wherein the parent resource of the quantity of level in same threshold interval and/or child resource with it is sameA resource index value is corresponding.
According to the another side of the application, a kind of computer readable storage medium is also provided, being stored thereon with computer can holdRow instruction, wherein the computer executable instructions make processor when being executed by processor:
The corresponding relationship of resource and user grouping is established, the user grouping includes at least one user;
Establish the corresponding relationship of the access authority of the user grouping and the resource corresponding to it;
After establishing the corresponding relationship of access authority of the user grouping and the resource corresponding to it, the money is obtainedThe quantity of the level of parent resource and child resource in source, wherein the resource includes at least parent resource of two rank and describedChild resource under parent resource;
According to the quantity of the level of the parent resource and child resource, the parent resource and/or child resource and resource are establishedThe corresponding relationship of index value, wherein the parent resource of the quantity of level in same threshold interval and/or child resource with it is sameA resource index value is corresponding.
The detailed content of above equipment and each embodiment of computer readable storage medium, for details, reference can be made to each method embodimentsCorresponding part, here, repeating no more.
Obviously, those skilled in the art can carry out various modification and variations without departing from the essence of the application to the applicationMind and range.In this way, if these modifications and variations of the application belong to the range of the claim of this application and its equivalent technologiesWithin, then the application is also intended to include these modifications and variations.
It should be noted that the application can be carried out in the assembly of software and/or software and hardware, for example, can adoptWith specific integrated circuit (ASIC), general purpose computer or any other realized similar to hardware device.In one embodimentIn, the software program of the application can be executed to implement the above steps or functions by processor.Similarly, the applicationSoftware program (including relevant data structure) can be stored in computer readable recording medium, for example, RAM memory,Magnetic or optical driver or floppy disc and similar devices.In addition, hardware can be used to realize in some steps or function of the application, exampleSuch as, as the circuit cooperated with processor thereby executing each step or function.
In addition, a part of the application can be applied to computer program product, such as computer program instructions, when its quiltWhen computer executes, by the operation of the computer, it can call or provide according to the present processes and/or technical solution.And the program instruction of the present processes is called, it is possibly stored in fixed or moveable recording medium, and/or pass throughBroadcast or the data flow in other signal-bearing mediums and transmitted, and/or be stored according to described program instruction operationIn the working storage of computer equipment.Here, including a device according to one embodiment of the application, which includes usingMemory in storage computer program instructions and processor for executing program instructions, wherein when the computer program refers toWhen enabling by processor execution, method and/or skill of the device operation based on aforementioned multiple embodiments according to the application are triggeredArt scheme.
It is obvious to a person skilled in the art that the application is not limited to the details of above-mentioned exemplary embodiment, Er QieIn the case where without departing substantially from spirit herein or essential characteristic, the application can be realized in other specific forms.Therefore, no matterFrom the point of view of which point, the present embodiments are to be considered as illustrative and not restrictive, and scope of the present application is by appended powerBenefit requires rather than above description limits, it is intended that all by what is fallen within the meaning and scope of the equivalent elements of the claimsVariation is included in the application.Any reference signs in the claims should not be construed as limiting the involved claims.ThisOutside, it is clear that one word of " comprising " does not exclude other units or steps, and odd number is not excluded for plural number.That states in device claim is multipleUnit or device can also be implemented through software or hardware by a unit or device.The first, the second equal words are used to tableShow title, and does not indicate any particular order.