CN-121997355-A - Multi-dimensional system parameter configuration method and system based on authority management

Abstract

The invention relates to the technical field of access control, in particular to a multidimensional system parameter configuration method and system based on authority management, comprising the following steps: the method comprises the steps of analyzing a configuration request, extracting authority identification resource sensitivity level task type environment credibility, completing normalization inference to generate multidimensional features, splitting rule conditions, clustering and matching to obtain fragments, comparing interval endpoints, calculating difference dividing fragment results, accumulating weights based on chain states, compensating differences to form dynamic decisions, and combining task type determining operation to generate a final configuration result.

Inventors

• GAO YAO

Assignees

• 北京外思特科技有限公司

Dates

Publication Date

20260508

Application Date

20251231

Claims (10)

1. 1. The multidimensional system parameter configuration method based on the authority management is characterized by comprising the following steps of: s1, acquiring and analyzing a configuration request submitted by a user, extracting a user permission identifier, a resource sensitivity level, a task type and environment credibility, combining the configuration request parameter set, and simultaneously carrying out normalization to carry out conditional probability inference to generate a multidimensional permission feature set; S2, acquiring the content of the authority rule base, splitting the condition, clustering the similarity of the split condition, and carrying out condition matching by combining the multidimensional authority feature set to generate an authority fragment matching set; s3, acquiring a condition interval endpoint of each segment based on the authority segment matching set, performing interval comparison item by combining with a configuration request parameter set, performing error calculation, and dividing the established or failed segments according to the positive and negative difference values to generate an authority segment result set; S4, based on the authority fragment result set, analyzing a chain state structure in sequence, acquiring a multi-fragment state value, executing weight accumulation, compensating a failure fragment difference value, and generating a dynamic chain decision set; S5, based on the dynamic chain type decision set, acquiring a weight accumulation result of each section in the chain, executing parameter operation type judgment on the configuration request parameter set, matching the determined operation type with the task type, and generating a system parameter configuration result.
2. 2. The multi-dimensional system parameter configuration method based on authority management according to claim 1, wherein the multi-dimensional authority feature set comprises user authority identification, resource sensitivity level, task type and environment reliability, the authority segment matching set comprises split conditions and similarity clustering results, the authority segment result set comprises a establishment segment, a failure segment and a difference positive and negative judgment result, the dynamic chain decision set comprises a multi-segment state value, a weight accumulation result and a failure segment compensation result, and the system parameter configuration result comprises an operation type matching item, a task type corresponding item and a parameter configuration item.
3. 3. The multi-dimensional system parameter configuration method based on authority management according to claim 1, wherein the specific steps of S1 are as follows: s101, analyzing based on a configuration request submitted by a user, searching user permission identification, resource sensitivity level, task type and environment credibility, and executing normalization transformation on four parameters according to a value interval to generate a permission feature set; S102, invoking the authority feature set, carrying out conditional probability inference on normalized components of four parameters in the feature set, carrying out joint operation on multiple components according to positions in the feature set, and carrying out numerical product analysis on probability values of adjacent components to obtain a probability association sequence; And S103, based on the probability association sequence, performing aggregation processing on all probability values in the sequence according to the arrangement sequence in the sequence, comparing the multiple probability values with an aggregation threshold value during aggregation so as to screen out components with lower weights, and performing vectorization coding on reserved components according to the sequence to obtain a multidimensional authority feature set.
4. 4. The rights management based multidimensional system parameter configuration method as recited in claim 3, wherein the aggregate threshold is set by counting all probability values in the sequence, analyzing a sum of a mean value of all probability values and 3 times of standard deviation.
5. 5. The multi-dimensional system parameter configuration method based on authority management according to claim 1, wherein the specific steps of S2 are as follows: S201, based on the multidimensional authority feature set, acquiring authority rule base content and splitting, executing comparison according to character sequence length in the condition, executing difference calculation on the character sequence length and a condition splitting reference value during the comparison, and adjusting the dividing boundary of the condition fragments according to the difference result to generate a condition fragment set; S202, based on the multi-condition fragments in the condition fragment set, performing similarity calculation according to character sequence positions in the fragments, screening out abnormal fragments during the similarity calculation, and clustering reserved fragments according to character content to obtain fragment clustering clusters; S203, according to the fragment cluster, performing matching judgment on the character sequences of the multiple fragments in the cluster and the characteristic values in the multidimensional authority characteristic set, calculating the numerical difference between the character sequences and the characteristic values, screening fragments, and then carrying out integration coding on the screened fragments according to the cluster to obtain the authority fragment matching set.
6. 6. The method for configuring parameters of a multidimensional system based on authority management according to claim 5, wherein the condition splitting reference value is set by analyzing the character sequence length of all authority conditions in the authority rule base, and analyzing the sum of the character sequence length mean value of all authority conditions and the standard deviation of 3 times.
7. 7. The multi-dimensional system parameter configuration method based on authority management according to claim 1, wherein the specific steps of S3 are as follows: S301, searching the symbol positions of the section aiming at the multi-character sequence based on the authority fragment matching set, comparing the left and right numerical values of the symbols according to the character sequence, executing section boundary adjustment on the left and right numerical value difference values according to positive and negative during the comparison, and recording the adjusted endpoint numerical value pairs to generate a section endpoint group; S302, calling the interval endpoint group and the configuration request parameter set, comparing the multi-endpoint value in the endpoint group with the corresponding parameter execution interval in the request parameter set, and executing difference calculation on the endpoint value and the request parameter value during the comparison to obtain an interval difference sequence; S303, aiming at the interval difference value sequence, performing classification judgment according to the positive and negative of multiple difference values in the sequence, and performing aggregation coding on classification results according to fragment indexes during judgment to obtain a permission fragment result set.
8. 8. The multi-dimensional system parameter configuration method based on authority management according to claim 1, wherein the specific steps of S4 are as follows: s401, based on the authority fragment result set, performing sequence retrieval of a chain state structure aiming at multi-segment state identifiers in the result set, performing analysis on adjacent state identifiers in the sequence according to an index sequence, and performing comparison on the numerical values of the adjacent state identifiers during the analysis to generate a multi-segment state value group; s402, calling the multi-fragment state value group, executing accumulated computation on the multi-state values in the state value group and corresponding weight parameters according to the weight parameters of the multi-state values in the chain state structure, and recording accumulated value sequences according to state value indexes on accumulated results during computation to obtain chain accumulated weight value sequences; s403, aiming at the chained accumulated weight value sequence, performing difference compensation on the corresponding index position in the accumulated weight value sequence according to the failure fragment difference value recorded in the authority fragment result set, and performing chain sequential aggregation coding on the compensation result during compensation to obtain a dynamic chained decision set.
9. 9. The multi-dimensional system parameter configuration method based on authority management according to claim 1, wherein the specific steps of S5 are as follows: s501, based on the dynamic chain type decision set, performing a search of weight accumulation for a plurality of sections in the decision set, performing operation type judgment on each section of weight accumulation value according to parameters of a configuration request parameter set, and matching the operation type with the parameter value during the judgment to generate a weight accumulation result set; S502, calling the weight accumulation result group, screening each operation type according to task type requirements, comparing the screening result with parameter information in a configuration request parameter set, and recording the matching condition during the comparison period to obtain an operation type matching sequence; And S503, performing task type verification on the matching result according to the operation type matching sequence, and confirming the matched operation type and task type during verification to generate a system parameter configuration result.
10. 10. A multi-dimensional system parameter configuration system based on rights management, characterized in that the system is used for implementing the multi-dimensional system parameter configuration method based on rights management according to any one of claims 1 to 9, the system comprising: the data analysis module is used for acquiring and analyzing a configuration request submitted by a user, extracting a user permission identifier, a resource sensitivity level, a task type and environment credibility, combining the configuration request parameter set, carrying out normalization to carry out conditional probability inference, generating a multidimensional permission feature set and transmitting the multidimensional permission feature set to the rule clustering module; the rule clustering module is used for obtaining the content of the authority rule base, carrying out condition splitting, carrying out similarity clustering on the split conditions, carrying out condition matching by combining the multi-dimensional authority feature set, generating an authority fragment matching set and transmitting the authority fragment matching set to the interval comparison module; The interval comparison module is used for acquiring a condition interval endpoint of each segment based on the authority segment matching set, executing interval comparison item by combining with the configuration request parameter set and executing error calculation, dividing the established or failed segment according to the positive and negative difference value, generating an authority segment result set and transmitting the authority segment result set to the chain decision module; The chain decision module is used for acquiring a multi-fragment state value and executing weight accumulation based on the authority fragment result set and sequentially analyzing a chain state structure, compensating a failure fragment difference value, generating a dynamic chain decision set and transmitting the dynamic chain decision set to the parameter configuration module; And the parameter configuration module is used for acquiring a weight accumulation result of each section in the chain based on the dynamic chain type decision set, executing parameter operation type judgment on the configuration request parameter set, matching the determined operation type with the task type and generating a system parameter configuration result.

Description

Multi-dimensional system parameter configuration method and system based on authority management Technical Field The invention relates to the technical field of access control, in particular to a multidimensional system parameter configuration method and system based on authority management. Background The technical field of access control mainly focuses on the management of data resources and operation authorities in an information system, and the core matters comprise the identification and verification of identities of subjects, the authority division of object resources, the execution verification of access requests and the dynamic adjustment of authority relationships. The conventional method and system for configuring the parameters of the multi-dimensional system based on the authority management refer to establishing a multi-dimensional authority control relation for parameter items of the system in a complex service environment, and generally needs to comb a configurable range of each parameter item, then formulate corresponding authority conditions according to dimensions such as an organization level, a role structure, a service type or an operation scene, and determine whether to allow setting of target parameters according to manners such as principal identity judgment, dimension matching of the parameter items, data field constraint and rule sequence judgment in a configuration process. In the prior art, static permission tables are relied on for item-by-item comparison in multi-dimensional system parameter configuration, permission conditions are often mapped directly by fixed dimension attributes, comprehensive judgment on relevance among multi-source elements is lacked, the problems of rough condition splitting, stiff dimension boundary and inflexible rule response occur in complex service scenes, matching deviation easily occurs when task type changes, environment reliability fluctuation or resource sensitivity level differences face, permission limiting results are easy to produce misjudgment under different condition combinations, and accordingly configuration range division inaccuracy, request verification burden increase and resource access control effect instability are caused. Disclosure of Invention In order to solve the technical problems in the prior art, the embodiment of the invention provides a multidimensional system parameter configuration method based on authority management, which comprises the following steps: s1, acquiring and analyzing a configuration request submitted by a user, extracting a user permission identifier, a resource sensitivity level, a task type and environment credibility, combining the configuration request parameter set, and simultaneously carrying out normalization to carry out conditional probability inference to generate a multidimensional permission feature set; S2, acquiring the content of the authority rule base, splitting the condition, clustering the similarity of the split condition, and carrying out condition matching by combining the multidimensional authority feature set to generate an authority fragment matching set; s3, acquiring a condition interval endpoint of each segment based on the authority segment matching set, performing interval comparison item by combining with a configuration request parameter set, performing error calculation, and dividing the established or failed segments according to the positive and negative difference values to generate an authority segment result set; S4, based on the authority fragment result set, analyzing a chain state structure in sequence, acquiring a multi-fragment state value, executing weight accumulation, compensating a failure fragment difference value, and generating a dynamic chain decision set; S5, based on the dynamic chain type decision set, acquiring a weight accumulation result of each section in the chain, executing parameter operation type judgment on the configuration request parameter set, matching the determined operation type with the task type, and generating a system parameter configuration result. As a further scheme of the invention, the multidimensional authority feature set comprises a user authority identifier, a resource sensitivity level, a task type and an environment credibility, the authority segment matching set comprises a split condition and a similarity clustering result, the authority segment result set comprises a establishment segment, a failure segment and a difference positive and negative judgment result, the dynamic chain decision set comprises a multi-segment state value, a weight accumulation result and a failure segment compensation result, and the system parameter configuration result comprises an operation type matching item, a task type corresponding item and a parameter configuration item. As a further scheme of the invention, the specific steps of S1 are as follows: s101, analyzing based on a configuration request submitted by a user, searching user