RBAC-based temporary authorization method, system and device and medium

Abstract

The invention discloses an RBAC-based temporary authorization method, system and device, and a storage medium, and the method comprises the steps of extracting the operation authority of a business system, so as to form a business system authority resource pool; acquiring data access heat within a preset time, and creating a temporary authorization role in the service system permission resource pool according to the data access heat; responding to the scene with temporary authorization, and matching a temporary authorization role conforming to the scene in a service system permission resourcepool according to access resources of the scene; and in response to successful matching, authorizing the user with the temporary authorization scene based on the matched temporary authorization role.According to the invention, authority management can be optimized, system complexity and maintenance cost when there are many temporary authorization scenes are reduced, and background authority management complexity of the system is reduced.

Description

technical field [0001] The present invention relates to the field of authority control, and more specifically, refers to a method, system, computer equipment and readable medium for temporary authorization based on RBAC. Background technique [0002] At present, the authority control in the business system is basically completed through RBAC (role-based access control model). The basic idea of ​​RBAC is: the access authority authorized to the user is usually determined by the role the user plays in an organization. In RBAC, permissions are granted to roles, roles are granted to users, and users are not directly associated with permissions. The authorization of access rights by RBAC is managed by the administrator in a unified manner. RBAC makes access authorization and control according to the roles of users in the organization. Authorization regulations are imposed on users, and users cannot voluntarily pass on access rights to others. A non-autonomous centralized access c...

AI Technical Summary

Problems solved by technology

However, the above-mentioned technology has the following disadvantages: First, in the process of temporary authorization, if the authorization is completed by modifying the role, all users with this role will have the same authority, but in fact the user may only need to perform special authorization for one person; Second, if the temporary authorization is completed by creating a role separately, it is necessary to identify the authority of the original role, and add authorization based on the existing role authority. If the current user has multiple roles, the operation will be more complicated, which increases the complexity of the system. ;Third, the operation of creating a new role and re-empowering will make the authority management of the system confusing and make the background management of the system more difficult; Fourth, it is impossible to realize the temporary authorization

Images