
TWI862291B - Application permission establishment method and application permission establishment system - Google Patents

Publication number
TWI862291B
Authority
TW
Taiwan
Prior art keywords
permission
list
application
permissions
review
Prior art date
Application number
TW112144861A
Other languages
Chinese (zh)
Other versions
TW202522264A (en)
Inventor
陳維超
張明淇
吳卓叡
Original Assignee
英業達股份有限公司
Application filed by 英業達股份有限公司
Priority to TW112144861A
Application granted
Publication of TWI862291B
Publication of TW202522264A

Landscapes

  • Storage Device Security (AREA)
  • Telephonic Communication Services (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Lock And Its Accessories (AREA)

Abstract

A method of establishing application permissions includes requesting a first permission; determining whether the first permission exists among a plurality of application permissions in a master permission list; obtaining the first permission when it exists among the plurality of application permissions in the master permission list; and reviewing the first permission when it does not exist among the plurality of application permissions in the master permission list.

Description

Application permission establishment method and application permission establishment system

The present invention relates to an application permission establishment method and an application permission establishment system, and in particular to an automated and systematic application permission establishment method and application permission establishment system.

As informatization and confidentiality requirements grow, highly confidential data such as order information, financial information, and procurement information is usually stored in a company's internal data center. Employees in different units or at different job grades may be allowed to access different ranges of this highly confidential data. For information security reasons, the data center must therefore establish a permission mechanism that governs which data each employee can access.

However, data permissions in current data centers are established mainly through manual review. Generally, a review committee first collects each employee's data permission needs and then decides which data permissions each employee can access. Such a cumbersome method not only increases time costs but also exposes the company to data security risks.

In this situation, how to automate and systematize the application permission establishment method and the application permission establishment system, and thereby accelerate the industry's digital transformation, has become one of the goals the industry is working toward.

One of the main purposes of the present invention is to provide an application permission establishment method and an application permission establishment system that solve the above problems.

The present invention provides an application permission establishment method, including requesting a first permission; determining whether the first permission exists among a plurality of application permissions in a master permission list; obtaining the first permission when it exists among the plurality of application permissions in the master permission list; and reviewing the first permission when it does not exist among the plurality of application permissions in the master permission list.

The present invention provides an application permission establishment system, including a user interface for requesting a first permission; a storage module for storing a master permission list; and a data processing module, coupled to the user interface and the storage module, for executing the following steps: determining whether the first permission exists among a plurality of application permissions in the master permission list; obtaining the first permission when it exists among the plurality of application permissions in the master permission list; and reviewing the first permission through the user interface when it does not exist among the plurality of application permissions in the master permission list.

1: Application permission establishment system

2, 3, 4: Process

10: User interface

20: Storage module

30: Data processing module

50: User permission table

52: Master permission list

S200-S208, S300-S310, S400-S408: Steps

Figure 1 is a schematic diagram of an application permission establishment system according to an embodiment of the present invention.

Figures 2, 3, and 4 are schematic flowcharts of the application permission establishment method in different embodiments of the present invention.

Figure 5 is a schematic diagram of the application permission establishment system handling the permissions of a purchasing system according to an embodiment of the present invention.

Certain terms are used in this specification and the claims that follow to refer to specific components. A person of ordinary skill in the art will understand that hardware manufacturers may use different names for the same component. This specification and the claims that follow do not distinguish components by differences in name, but by differences in function. The word "including" used throughout the specification and the claims is an open-ended term and should be interpreted as "including but not limited to". In addition, the word "coupled" here covers any direct or indirect means of electrical connection. Therefore, if the text describes a first device as coupled to a second device, the first device may be electrically connected to the second device directly, or indirectly through other devices or connection means.

In an embodiment, the computing device may be at least one of the following examples: a central processing unit (CPU), a graphics processing unit (GPU), a microcontroller (MCU), an application processor (AP), a field programmable gate array (FPGA), an application specific integrated circuit (ASIC), a digital signal processor (DSP), a system-on-a-chip (SOC), or a deep learning accelerator. However, the present invention is not limited to these examples.

Please refer to Figure 1, which is a schematic diagram of an application permission establishment system 1 according to an embodiment of the present invention. The application permission establishment system 1 can be deployed in a data center to collect users' needs or applications for data permissions and to let users obtain data permissions in an automated and systematic way. The application permission establishment system 1 includes a user interface 10, a storage module 20, and a data processing module 30. A user requests multiple data permissions through the user interface 10. The user interface 10 can be an application programming interface (API), through which the user's request is converted into the data format of the data center; this conversion is well known to those skilled in the art and is not described further here. Note that, for clarity, the following embodiments all use the example of a user requesting a first permission, but the invention is not limited to this. The storage module 20 stores a master permission list, which records a plurality of application permissions; these are application permissions that the user has already obtained or that can be obtained by default. The data processing module 30 is coupled to the user interface 10 and the storage module 20 and executes an application permission establishment method to determine, based on the plurality of application permissions in the master permission list, whether the user can obtain the first permission.

The application permission establishment method of the application permission establishment system 1 can be summarized as a process 2, shown in Figure 2. Process 2 includes the following steps:

Step S200: Start.

Step S202: Determine whether the first permission exists among the plurality of application permissions in the master permission list.

Step S204: When the first permission exists among the plurality of application permissions in the master permission list, obtain the first permission.

Step S206: When the first permission does not exist among the plurality of application permissions in the master permission list, review the first permission through the user interface.

Step S208: End.

According to process 2, in step S202, when the user requests multiple data permissions through the user interface 10, the data processing module 30 determines whether the first permission exists among the plurality of application permissions in the master permission list. In step S204, when the first permission exists among those application permissions, it is an application permission that the user can obtain or has already obtained, so the data processing module 30 lets the user obtain the first permission. Conversely, in step S206, when the first permission does not exist among the application permissions in the master permission list, the data processing module 30 cannot let the user obtain the first permission automatically, and another mechanism is needed to review whether the user may obtain it. For example, when the first permission does not exist among the application permissions in the master permission list, the data processing module 30 sends the first permission to a review committee, which may consist of the user's supervisor and others, and the members of the review committee can then review the first permission through the user interface 10.

In one embodiment, reviewing the first permission through the user interface can be summarized as a process 3, shown in Figure 3. Process 3 includes the following steps:

Step S300: Start.

Step S302: Determine whether the first permission exists among the plurality of application permissions in the master permission list. If yes, execute step S304. If no, execute step S306.

Step S304: Obtain the first permission.

Step S306: Decide whether the first permission passes the review. If yes, execute step S304. If no, execute step S308.

Step S308: Stop obtaining the first permission.

Step S310: End.

For details of steps S302 and S304 and their variations, refer to the description above; they are not repeated here. In step S306, after receiving the user's request for the first permission, the members of the review committee review the first permission through the user interface 10. When the first permission does not pass the review, the data processing module 30 cannot let the user obtain it. Conversely, when the first permission passes the review, the data processing module 30 lets the user obtain it. Note that the first permission is not among the application permissions in the master permission list, so the data processing module 30 can add it to the master permission list. That way, when the user requests the first permission again in the future, the application permission establishment system 1 can approve the request automatically without going through the review committee. In one embodiment, when the application permission establishment system 1 is first set up, the master permission list may contain no data permissions at all, so each of the data permissions the user applies for goes through step S306, and those that pass the review committee's review are then added to the master permission list.

On the other hand, the review committee can use the application permission establishment system 1 to actively change (add to, update, and reduce) the master permission list and the user's permission scope. For example, the members of the review committee review, through the user interface 10, a second permission among the plurality of application permissions in the master permission list. When the second permission passes the review, the master permission list is maintained; when the second permission fails the review, the second permission is deleted from the master permission list. In addition, if the second permission is the same as the first permission requested or already obtained by the user, acquisition of the first permission is stopped or the first permission is reclaimed.

Furthermore, different users may have different permission scopes, each with a corresponding master permission list, and the data permissions they request may also differ. To manage users' permission scopes more effectively, in another embodiment the present invention can add a function that automatically deletes data permissions, so that the master permission list does not hold so many data permissions that it causes information security problems. This automatic deletion function can be summarized as a process 4, shown in Figure 4. Process 4 includes the following steps:

Step S400: Start.

Step S402: Determine whether to delete a third permission in the master permission list.

Step S404: When the third permission has not been requested for a threshold time, delete the third permission from the master permission list.

Step S406: When the third permission has been requested, maintain the third permission in the master permission list.

Step S408: End.

For details of process 4 and its variations, refer to the description above; they are not repeated here. Note that process 4 is one embodiment of the present invention, and those skilled in the art can modify it accordingly; the invention is not limited to it. For example, when the third permission has not been requested for a threshold time, the data processing module 30 deletes the third permission from the master permission list and at the same time reclaims any data permission the user has obtained that is the same as the third permission. As another example, the data processing module 30 can first determine whether the third permission is a data permission the user has already obtained; if so, process 4 is not executed, and only if not is process 4 executed.

Finally, Figure 5 illustrates the actual operation of the application permission establishment system 1. Figure 5 is a schematic diagram of the application permission establishment system 1 handling the permissions of a purchasing system according to an embodiment of the present invention. The storage module 20 stores a master permission list 52 and a user permission table 50. The master permission list 52 records the data permissions the user can obtain, which include a purchase request list, an inventory list, and a work list. The user permission table 50 records the data permissions the user currently holds, which include the inventory list. In one embodiment, when the user requests the data permission for the purchase request list through the user interface 10, the data processing module 30 determines that this data permission is among the data permissions recorded in the master permission list 52, so the user obtains it automatically; in other words, the data processing module 30 adds the data permission for the purchase request list to the user permission table 50. Note that, as shown in Figure 5, the user can request changes to the user permission table 50 and the review committee can change the master permission list 52, and the data permission scope of the master permission list 52 is greater than or equal to that of the user permission table 50. In another embodiment, the review committee can delete the data permission for the inventory list from the master permission list 52 (not shown in Figure 5). The data processing module 30 then determines that the data permission for the inventory list in the user permission table 50 no longer exists in the master permission list 52, and accordingly deletes it from the user permission table 50.
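The flows described above (process 3, process 4, the committee's review of a second permission, and the Figure 5 cascade from list 52 to table 50) combined in one added Python example; it is not code from the patent. Storing a last-request timestamp per list entry, the 90-day threshold, the user "alice", the "financial report" permission and the deny-all reviewer are assumptions made for the example, and process 4 is implemented in the variant that also reclaims the permission from users.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple


@dataclass
class PermissionSystem:
    """Data processing module 30 operating on the two tables in storage module 20."""
    reviewer: Callable[[str, str], bool]   # stand-in for the review committee's decision
    idle_threshold: float                  # threshold time of process 4 (seconds, assumed unit)
    master: Dict[str, float] = field(default_factory=dict)      # list 52: permission -> last request
    granted: Dict[str, Set[str]] = field(default_factory=dict)  # table 50: user -> permissions held
    audit: List[Tuple[float, str, str, str]] = field(default_factory=list)

    def request(self, user: str, perm: str, now: float) -> bool:
        """Process 3: S302 lookup, S306 review, S304 grant, S308 stop."""
        if perm in self.master:
            outcome = "auto-granted"                  # S302 yes -> S304
        elif self.reviewer(user, perm):
            outcome = "granted-after-review"          # S306 yes -> S304
        else:
            self.audit.append((now, user, perm, "denied"))  # S306 no -> S308
            return False
        self.master[perm] = now                       # add to list 52 / refresh request time
        self.granted.setdefault(user, set()).add(perm)
        self.audit.append((now, user, perm, outcome))
        return True

    def _delete(self, perm: str, now: float, reason: str) -> List[str]:
        """Delete perm from list 52 and reclaim it from every holder in table 50."""
        self.master.pop(perm, None)
        holders = sorted(u for u, perms in self.granted.items() if perm in perms)
        for user in holders:
            self.granted[user].discard(perm)
            self.audit.append((now, user, perm, reason))
        return holders

    def committee_review(self, perm: str, approved: bool, now: float) -> List[str]:
        """Review of a second permission: keep list 52 if approved, else delete it."""
        if approved or perm not in self.master:
            return []
        return self._delete(perm, now, "revoked-by-review")

    def expire_idle(self, now: float) -> List[str]:
        """Process 4: S404 deletes entries not requested within the threshold time."""
        stale = sorted(p for p, last in self.master.items()
                       if now - last >= self.idle_threshold)
        for perm in stale:
            self._delete(perm, now, "revoked-idle")
        return stale

    def scope_invariant_holds(self) -> bool:
        """The scope of list 52 must cover everything held in table 50."""
        return all(perms <= set(self.master) for perms in self.granted.values())


def fig5_scenario() -> PermissionSystem:
    """Constructed walk-through of the Figure 5 purchasing example."""
    day = 86400.0
    s = PermissionSystem(reviewer=lambda user, perm: False,   # committee rejects in this run
                         idle_threshold=90 * day)             # assumed threshold
    for perm in ("purchase request list", "inventory list", "work list"):
        s.master[perm] = 0.0                    # list 52 as described for Figure 5
    s.granted["alice"] = {"inventory list"}     # table 50; "alice" is a made-up user
    s.request("alice", "purchase request list", now=1 * day)  # in list 52: granted automatically
    s.request("alice", "financial report", now=1 * day)       # not in list 52: reviewed, denied
    s.committee_review("inventory list", approved=False, now=2 * day)  # cascades to table 50
    s.expire_idle(now=90 * day)                 # drops only the entry idle for 90 days
    return s
```
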

Note that the application permission establishment system 1 is an embodiment of the present invention, and a person of ordinary skill in the art can combine, modify, or vary the embodiments described above in the spirit of the present invention; the invention is not limited to them. All of the descriptions, steps, and/or processes above (including suggested steps) can be implemented in hardware, software, firmware (i.e., a combination of a hardware device and computer instructions, where the data in the hardware device is read-only software data), an electronic system, or a combination of these. Hardware can include analog, digital, and mixed circuits (i.e., microcircuits, microchips, or silicon chips). Electronic systems can include a system on chip (SoC), a system in package (SiP), a computer on module (CoM), and a computer system. The process steps and embodiments of the present invention can exist in the form of program code or instructions stored in the storage module 20. The storage module 20 can be a computer-readable recording medium and can include read-only memory (ROM), flash memory, random-access memory (RAM), a subscriber identity module (SIM), a hard disk, or optical read-only memory (CD-ROM/DVD-ROM/BD-ROM), but is not limited to these. The processes and embodiments above can be compiled into program code or instructions and stored in the storage module 20. The data processing module 30 can read and execute the program code or instructions stored in the storage module 20 to implement all of the steps and functions described above.

In summary, the application permission establishment method and application permission establishment system of the present invention can process users' data permission requests and manage users' permission scopes in an automated and systematic way, and the review committee can use them to review and change users' permission scopes. Compared with the prior art, the present invention can therefore reduce labor costs and accelerate a company's digital transformation.

The above are only preferred embodiments of the present invention. All equivalent changes and modifications made within the scope of the claims of the present invention shall fall within the scope of the present invention.

2: Process

S200-S208: Steps

Claims (8)

1. An application permission establishment method, including executing the following steps with a computing device: requesting a first permission; determining whether the first permission exists among a plurality of application permissions in a master permission list; when the first permission exists among the plurality of application permissions in the master permission list, obtaining the first permission; when the first permission does not exist among the plurality of application permissions in the master permission list, having a review committee review the first permission; having the review committee review a second permission among the plurality of application permissions in the master permission list; when the second permission passes the review, maintaining the master permission list; and when the second permission fails the review, deleting the second permission from the master permission list.

2. The application permission establishment method as described in claim 1, further including: when the first permission passes the review, obtaining the first permission and adding the first permission to the plurality of application permissions in the master permission list; and when the first permission fails the review, stopping obtaining the first permission.

3. The application permission establishment method as described in claim 1, wherein the step of deleting the second permission from the master permission list further includes: if the second permission is the same as the first permission, stopping obtaining or reclaiming the first permission.

4. The application permission establishment method as described in claim 1, further including: determining whether to delete a third permission in the master permission list; when the third permission has not been requested for a threshold time, deleting the third permission from the master permission list; and when the third permission has been requested, maintaining the third permission in the master permission list.

5. An application permission establishment system, including: a user interface for requesting a first permission; a storage module for storing a master permission list; and a data processing module, coupled to the user interface and the storage module, for executing the following steps: determining whether the first permission exists among a plurality of application permissions in the master permission list; when the first permission exists among the plurality of application permissions in the master permission list, obtaining the first permission; when the first permission does not exist among the plurality of application permissions in the master permission list, having a review committee review the first permission through the user interface; having the review committee review, through the user interface, a second permission among the plurality of application permissions in the master permission list; when the second permission passes the review, maintaining the master permission list; and when the second permission fails the review, deleting the second permission from the master permission list.

6. The application permission establishment system as described in claim 5, wherein the data processing module further executes the following steps: when the first permission passes the review, obtaining the first permission and adding the first permission to the plurality of application permissions in the master permission list; and when the first permission fails the review, stopping obtaining the first permission.

7. The application permission establishment system as described in claim 5, wherein the step of deleting the second permission from the master permission list further includes: if the second permission is the same as the first permission, stopping obtaining or reclaiming the first permission.

8. The application permission establishment system as described in claim 5, wherein the data processing module further executes the following steps: determining whether to delete a third permission in the master permission list; when the third permission has not been requested for a threshold time, deleting the third permission from the master permission list; and when the third permission has been requested, maintaining the third permission in the master permission list.
TW112144861A 2023-11-21 2023-11-21 Application permission establishment method and application permission establishment system TWI862291B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW112144861A TWI862291B (en) 2023-11-21 2023-11-21 Application permission establishment method and application permission establishment system

Publications (2)

Publication Number Publication Date
TWI862291B true TWI862291B (en) 2024-11-11
TW202522264A TW202522264A (en) 2025-06-01

Family

ID=94380063

Country Status (1)

Country Link
TW (1) TWI862291B (en)

Also Published As

Publication number Publication date
TW202522264A (en) 2025-06-01

Similar Documents

Publication Publication Date Title
EP3591510B1 (en) Method and device for writing service data in block chain system
JP3853540B2 (en) Fiber channel-connected magnetic disk device and fiber channel-connected magnetic disk controller
TWI282496B (en) Method for partitioning memory mass storage device and device thereof
CN111898139B (en) Data reading and writing method and device, and electronic equipment
EP4348931A1 (en) Transfer of ownership of a computing device via a security processor
US20100082679A1 (en) Method, apparatus and computer program product for providing object privilege modification
WO2021208758A1 (en) Data permissions management
CN105243335A (en) Rights management method and apparatus
CN107871062A (en) A kind of application permission control method, device and terminal
CN114661788B (en) Block chain data retrieval method and device, electronic equipment and storage medium
EP4348469A1 (en) Firmware policy enforcement via a security processor
CN105933185A (en) Method and device for determining connection abnormity type of router
TWI862291B (en) Application permission establishment method and application permission establishment system
US11687495B2 (en) System and method for managing collaborative multiuser document editing via a distributed ledger
CN108763963A (en) Distributed approach, apparatus and system based on data access authority
CN112966036B (en) A Method of Constructing Master Data Service Based on Logical Model
US20250165652A1 (en) Application permission establishment method and application permission establishment system
CN112783954B (en) Data access method, device and server
CN114443937A (en) Order query method, device and system and computer readable storage medium
CN112925766A (en) Data security management and control device, system, method and readable storage medium thereof
CN112487497A (en) Method and device for managing off-link files based on intelligent contracts and electronic equipment
CN118607001A (en) A cross-border data management method, system and readable storage medium
CN115550010B (en) Key environment access control method based on block chain
EP1752879A1 (en) File management device, file management method, file management program, and computer-readable recording medium containing the file management program
CN116644453A (en) A rights management method, device and equipment for a file system