CN114416751B - RBAC optimization algorithm based on multiplication bitmap - Google Patents
RBAC optimization algorithm based on multiplication bitmap Download PDFInfo
- Publication number
- CN114416751B CN114416751B CN202210318452.9A CN202210318452A CN114416751B CN 114416751 B CN114416751 B CN 114416751B CN 202210318452 A CN202210318452 A CN 202210318452A CN 114416751 B CN114416751 B CN 114416751B
- Authority
- CN
- China
- Prior art keywords
- authority
- bitmap
- multiplication
- role
- index
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000005457 optimization Methods 0.000 title claims abstract description 17
- 238000007906 compression Methods 0.000 claims description 41
- 230000006835 compression Effects 0.000 claims description 37
- 229910002056 binary alloy Inorganic materials 0.000 claims description 22
- 238000000034 method Methods 0.000 claims description 17
- 239000003550 marker Substances 0.000 claims description 9
- 230000008569 process Effects 0.000 claims description 7
- 238000004364 calculation method Methods 0.000 abstract description 3
- 230000009467 reduction Effects 0.000 description 3
- 238000013475 authorization Methods 0.000 description 2
- 230000008602 contraction Effects 0.000 description 2
- 230000001934 delay Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/22—Indexing; Data structures therefor; Storage structures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/21—Design, administration or maintenance of databases
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention relates to the field of data processing and calculation, and discloses a multiplying bitmap-based RBAC optimization algorithm, which comprises the following steps: numbering each role and each authority in sequence respectively, and determining an authority number set owned by each role; setting the digit of the authority identifier, and calculating the multiplication coefficient of the authority owned by the role based on the authority number and the digit of the authority identifier; each digit of the authority identification corresponds to the serial number of the authority in sequence, and the authority identification associated with each multiplication coefficient is converted into a corresponding authority bitmap; and acquiring a multiplication bitmap based on the multiplication coefficient and the authority bitmap, and storing the multiplication bitmap into a database. The technical scheme of the invention has the advantages of small data occupation and storage space, simple and efficient data processing logic and high authority query efficiency.
Description
Technical Field
The invention relates to the field of data processing and calculation, in particular to a multiplying bitmap-based RBAC optimization algorithm.
Background
In a conventional role-based authorization control (RBAC) storage method, the relationship between roles and authorization (functions) is stored in a table record of a relational database, and the storage method in the prior art has the following problems:
(1) the storage space occupies a large space: in a traditional mode, one table record is used for one role-authority relationship, each role-authority relationship record occupies about 64 bits (32 bits of role number and 32 bits of authority number), each role-authority relationship needs to be stored, and a large amount of redundant data needs to be stored;
(2) the expansion operation is complicated: in the traditional method, if the authority is newly added, a large number of role authority relation records need to be initialized, and the operation is complicated;
(3) in the traditional method, when the authority owned by the role is inquired, all authority role relation records need to be filtered, and the inquiry efficiency is low.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: in order to solve the above problems, the present invention provides a multiplicative bitmap-based RBAC optimization algorithm.
In order to achieve the purpose, the technical scheme adopted by the invention is as follows: a multiplicative bitmap-based RBAC optimization algorithm, comprising the following processes:
step S1, numbering each role and each authority in turn respectively, and determining the authority number set owned by each role;
step S2, setting the digit of the authority identification, and calculating the multiplication coefficient of the authority owned by the role based on the authority number and the digit of the authority identification;
step S3, each digit of the authority identification is sequentially corresponding to the serial number of the authority, and the authority identification associated with each multiplication coefficient is converted into a corresponding authority bitmap;
and step S4, acquiring a multiplication bitmap based on the multiplication coefficient and the authority bitmap, and storing the multiplication bitmap in a database.
Further, in step S2, setting the number of bits of the single set of authority identifier as m; acquiring a permission number set corresponding to a role; and for each authority number x in the authority number set, dividing x-1 by m to obtain a multiplication coefficient n by rounding.
Further, setting the number of bits of the authority identifier in the authority bitmap as m, and numbering the indexes of the m identifier bits in sequence from the beginning of 0; dividing x-1 by m to obtain a position index i of each authority number x; marking all authority numbers x with the same symbol on the identification bit of the index i; the number positions which do not possess the authority are marked with another identifier on the identification bits of the remaining indexes.
Further, the index is stored on the multiplication bitmap.
Further, a binary system is adopted for carrying out authority identification, and all authority numbers x with authority are marked by 1 on an identification bit of the index i; and marking the number position without the authority by 0 on the identification bit of the rest indexes.
Further, the method also comprises the process of acquiring the authority:
acquiring all multiplication bitmap records corresponding to roles from a database, and acquiring multiplication coefficients n of all multiplication bitmaps;
acquiring a marker under each multiplication coefficient n, and if the marker of the index i is 1, the role has the authority with the authority number of n × m + (i + 1); if the marker of index i is 0, the role does not have the authority with the authority number n × m + (i + 1).
Further, if the role is the administrator role, the administrator role has all authority numbers, and the administrator role does not calculate the multiplication factor.
Further, the method also comprises the following permission bitmap compression process:
step a, calculating a position index fi of a first authority number with authority based on an authority bitmap;
step b, starting from the position index fi, sequentially calculating the number of the authority numbers which continuously possess the authority or do not possess the authority,
representing the number by binary system to form a continuous binary number sequence;
step c, expressing the number sequence in the step b into a binary compression bitmap;
and d, judging whether the length of the binary system compression bitmap is larger than the length of the authority bitmap, if the length of the binary system compression bitmap is larger than the length of the authority bitmap, compressing the binary system compression bitmap, and if the length of the binary system compression bitmap is smaller than or equal to the length of the authority bitmap, compressing the binary system compression bitmap.
Furthermore, when compression is not needed, 0 is adopted for identification, and when compression is needed, 1 is adopted for identification.
Further, when a continuous binary number sequence is formed, if the permission bitmap ends with continuous 0 s, it is not necessary to calculate the continuous 0 s at the tail.
Compared with the prior art, the invention has the following beneficial effects:
(1) the technical scheme of the invention adopts bitmap to store the role authority relationship, and the data occupies small storage space;
(2) the invention adopts bit operation to judge the role authority relationship, sets the multiplication bitmap and the corresponding authority bitmap to identify, greatly simplifies the operations during capacity reduction and capacity expansion, avoids the authority initialization operation by using rules, delays the authority expansion operation to the authority editing operation based on the multiplication bitmap, and has simple and efficient data processing logic.
(3) When the authority is accessed, the multiplication bitmap and the corresponding authority bitmap are directly read, so that the query logic is greatly simplified, and the query efficiency is improved; the role and authority inquiry can be executed in parallel, and the bitmap analysis and the role authority assembly are completed in the program.
Drawings
Fig. 1 is a schematic flow chart of the multiplication bitmap-based RBAC optimization algorithm of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1, an RBAC optimization algorithm based on a multiplication bitmap includes the following processes:
(1) numbering each role in sequence: role number 1, role number 2, numbering in proper order every authority: the permission number 1 and the permission number 2 are used for acquiring a permission number set owned by each role; each authority is a fixed number, and the number of the authority in each role-authority relationship is unchanged regardless of which numbered role has the authority;
(2) because the RBAC model has a plurality of authorities, when the authority number is too large, the bitmap index is longer by using a group of authority identifications, and therefore, based on the setting of the authority identification digit, a plurality of multiplication coefficients and a plurality of groups of corresponding authority identifications can be provided; setting the digit of the single group of authority identification as m, and calculating the multiplication coefficient of the authority corresponding to the role based on the authority number and the limited identification digit m; when the authority number is smaller than m, the multiplication coefficient is 0, when the authority number is larger than or equal to m and smaller than 2m, the multiplication coefficient is 2, and the multiplication coefficients can be obtained by analogy;
(3) whether the serial numbers of the m positions have authority or not can be identified under the same multiplication coefficient, each position of the authority identification sequentially corresponds to the serial number of the authority, and the authority identification associated with each multiplication coefficient is converted into a corresponding authority bitmap;
(4) and acquiring a multiplication bitmap based on the multiplication coefficient and the authority bitmap, and storing the multiplication bitmap into a database.
Compared with a database relation storage mode in a traditional mode, the method adopts the bitmap to store the role authority relation, greatly reduces storage through rules, and records that the number of bits occupied by data is far less than that of the traditional mode, so that the data occupies a small storage space, and can save 98% of the storage space compared with the traditional mode. Compared with database relational operation in the traditional mode, the method adopts bit operation in the memory, and improves the processing efficiency of 3-4 orders of magnitude based on the efficiency comparison of memory reading and writing and disk IO.
Preferably, the digit of the single group of authority identification is set to be m; acquiring a permission number set corresponding to the role, namely the permission number set with permission; for each authority number x in the authority number set, dividing x-1 by m to obtain a multiplication coefficient n by rounding, for example, if the digit m is 10 and the authority number is 9, dividing 9-1 by 10 to obtain a multiplication coefficient of 0. And storing the multiplication coefficient in a bitmap form to obtain a multiplication bitmap.
Preferably, the authority identifier in the authority bitmap is set to have m identification bits, and the indexes of the m identification bits are numbered sequentially from the beginning of 0; dividing x-1 by m to obtain an index i of each authority number x; in some embodiments, an index i is stored on a multiplication bitmap, and all authority numbers x with the authority are marked by the same symbol on an identification bit of the index i; and marking the number position without the authority by another identifier on the identification bit of the rest index positions. For example, if the number of bits m is 10 and the authority number is 9, the index i is 8 obtained by dividing 9-1 by 10, and therefore the position of the authority bitmap with the index of 8 is marked with the ownership authority; and analogizing in turn, calculating the position indexes of all authority numbers corresponding to the roles and marking.
Example one
Taking the role number 1 as an example, the set of the owned authority numbers is [1, 3, 5, 9, 13], that is, the role number 1 has the authority numbers of the authority number 1, the authority number 3, the authority number 5, the authority number 9 and the authority number 13;
for each authority numbered x in the authority number set, dividing (x-1) by m and rounding down to obtain a multiplication coefficient n of the authority number x, and dividing (x-1) by m to obtain an index i of the authority number x in the multiplication bitmap, so that the authority number x is stored in a position with the index i in the multiplication bitmap with the multiplication bitmap coefficient n, and the authority of the authority number x owned by the role can also be identified at the position by using an identifier. In some embodiments, binary system is adopted for identification, and an authority number x with authority is marked by 1 on an identification bit of an index i; and marking the number position without the authority by 0 on the identification bit of other indexes.
(1) Taking the authority with the authority number 1 as an example:
n=(x-1)/m=0/10=0,
i=(x-1)%m=0%10=0;
the authority numbered 1 will be stored in the position with index 0 in the multiplication bitmap with multiplication factor 0 (the indexes are numbered in order from 0);
(2) taking the authority with the authority number of 3 as an example:
n=(x-1)/m=2/10=0,
i=(x-1)%m=2%10=2;
the authority numbered 3 will be stored in the position indexed 2 in the multiplication bitmap with multiplication factor 0 (the indexes are numbered sequentially from 0);
(3) taking the authority with the authority number 5 as an example:
n=(x-1)/m=4/10=0,
i=(x-1)%m=4%10=4;
the authority numbered 5 will be stored in the position indexed 4 in the multiplication bitmap with multiplication factor 0 (the indexes are numbered in order from 0);
(4) taking the authority with the authority number of 9 as an example:
n=(x-1)/m=8/10=0,
i=(x-1)%m=8%10=8;
the authority numbered 9 will be stored in the position indexed 8 in the multiplication bitmap with multiplication factor 0 (the indexes are numbered in order from 0);
(5) taking the right with the right number 13 as an example,
n=(x-1)/m=12/10=1,
i=(x-1)%m=12%10=2;
then the privilege numbered 9 will store the position with index 2 in the multiplication bitmap with multiplication factor 1 (index starts from 0).
For convenience of description, the permission bitmap is represented by a character string in the embodiment, but a binary bitmap is used in actual storage of the scheme. Finally, the multiplication bitmap for role 1 is recorded as in Table 1.
TABLE 1
Preferably, in some embodiments, the permission bitmap may be further compressed to form a reduced bitmap.
The permission settings typically satisfy the following conditions: case 1, the permissions of the same service domain, whose numbers are usually adjacent; in case 2, when setting the role right, the related right of the service domain is usually set continuously; in case 3, when role authority control is implemented, different service domain authorities are generally assigned to different roles.
Based on the above, in the actual permission bitmap, there are a large number of consecutive 0 s or consecutive 1 s, and the number of sequences of consecutive 1 s is small. In this case, the binary data can be greatly compressed by using the optimized version of the permission bitmap in the invention, and the storage space is saved. The larger the bit number m of the authority bitmap before compression is, the smaller the number of sequences of continuous 1 in the authority bitmap is, and the larger the compression ratio is.
The optimized game coding permission bitmap compression steps are as follows: step a, calculating a position index fi of a first authority number with authority based on an authority bitmap, wherein in a specific embodiment, the position index of a first 1 in the authority bitmap is calculated; b, sequentially calculating the number of continuous 1 or continuous 0 from the position index fi, and representing the number by adopting a 4-bit binary system based on an authority bitmap with the authority identification digit of 10 to form a continuous binary system number sequence; step c, expressing the number sequence in the step b into a binary compression bitmap; and d, judging whether the length of the binary compression bitmap is greater than the length of the authority bitmap (the length of the authority bitmap is the number of digits 10 of the authority identifier), if the length of the binary compression bitmap is greater than the length of the authority bitmap, the binary compression bitmap does not need to be compressed, and if the length of the binary compression bitmap is less than or equal to the length of the authority bitmap, the binary compression bitmap needs to be compressed.
In the step d, when compression is not needed, the column [ whether compression is performed ] is set to be 0, and when compression is needed, the column [ whether compression is performed ] is set to be 1.
When a continuous binary number sequence is formed, if the authority bitmap ends with continuous 0, the continuous 0 number at the tail part does not need to be calculated.
The permission bitmap is compressed, for example, the permission bitmap 0010000000 is compressed as follows:
(a) the authority index of the first 1 in the authority bitmap is 2; (b) calculating a sequence of 1 consecutive 1, consecutive binary numbers as [1 ]; (c) the authority bitmap is ended by 7 continuous 0, and the number of the continuous 0 of the authority bitmap does not need to be calculated; (d) obtaining a binary system compressed bitmap of 0001; (e) the length of the binary compression bitmap is 4, which is less than the length of the original authority bitmap 10, then the compression can be performed, and the [ whether to perform compression ] column is set to be 1.
For another example, a 16-bit permission bitmap 0000111001111000 is an example:
run-length coding can be represented by 4-bit binary (since the maximum length that can be represented by 4-bit binary is 16), and the rights bitmap compression process is as follows: (a) the position index fi of the first 1 in the permission bitmap is 4; (b) calculating a binary number sequence s according to the sequence of 1-0 circulation, and dividing an original bitmap into 5 parts of 0000, 111, 00, 1111 and 000 in total; where the first part 0000 is ignored (the head consecutive 0 is ignored because this embodiment starts from the position index fi), the 5 th part 000 is ignored (the tail consecutive 0 is ignored); then, three parts 111, 00 and 1111 are remained, binary digit numbers are respectively calculated to be 3 (3 1 s), 2 (2 0 s) and 4 (4 1 s), and then the obtained binary digit sequence s is [3, 2, 4 ]; (c) coding the binary number sequence s to obtain 0011 (binary system of 3), 0010 (binary system of 2) and 0100 (binary system of 4); finally, binary compression bitmap 001100100100 is obtained; and d, judging that the length 12 of the binary compression bitmap is less than the length 16 of the authority bitmap, and compressing. This example converts 16 bits to 12 bits, and the compression ratio is 75%.
If the original permission bitmap is long (for example 256 bits), each number in the binary number sequence s can be identified by 8-bit binary (the maximum length that can be represented by 8-bit binary is 256), and if the assumed condition is satisfied, that is, there are a large number of consecutive 0 s and 1 s, the compression rate can be greatly improved.
For convenience of description, the compressed bitmap is represented by a character string in the embodiment, but the scheme uses a binary compressed bitmap in actual storage, and an authority bitmap column is not stored in actual storage. The multiplied bitmap for role 1 in table 1 is recorded as table 2 below, based on the permission bitmap compression process.
TABLE 2
Preferably, in some embodiments, after storing the multiplication bitmap and the permission bitmap corresponding to the role in the database, the method further includes a process of acquiring the permission:
A. acquiring all multiplication bitmap records corresponding to roles from a database, and acquiring multiplication coefficients n of all multiplication bitmaps;
in addition, if the permission bitmap is compressed, if the recorded [ compressed or not ] is marked as 0, the step can be omitted; if the recorded (whether to compress) mark is 1, reducing the compressed bitmap into an authority bitmap: recovering a continuous binary number sequence s from the simplified bitmap, wherein the continuous binary number sequence recovered from the bitmap 0001 is [1 ]; initializing a permission bitmap, and setting each bit in the permission bitmap to be 0; in the authority, the authority bitmap is processed according to the continuous binary number sequence s from the index position fi, binary bits in the authority bitmap are continuously set to be 1 or 0, and finally the authority bitmap 0010000000 before compression is obtained.
For example, for a role with role number 1, two multiplication bitmap records are obtained as in table 3.
TABLE 3
B. Converting the multiplication bitmap into an authority relationship, and specifically comprising the following steps:
a. the maximum bit number which can be identified by the bitmap in a single multiplication bitmap record is m =10, namely the number of the permission identification bits is 10;
b. for a multiplication coefficient n in the multiplication bitmap record, acquiring a marker under each multiplication coefficient n;
c. judging whether each bit index i of the bitmap in the multiplication bitmap record has a corresponding authority, and executing the following logics:
if the marker of the marker bit of the index i is 1, indicating that the role has the authority with the authority number of n × m + (i + 1);
for example, in a multiplication bitmap record with a multiplication coefficient of 0, the 3 rd bit (index i = 2) is 1, and n × m + (i +1) =0 × 10+ (2+1) =3, which indicates that the character number 1 has the authority with the authority number of 3;
and by analogy, the above calculation logic is performed on all the mark bits with the mark symbol of 1, and the authority number set of the authority owned by the role 1 is [1, 3, 5, 9, 13 ].
Preferably, an administrator role and a generic role are included in the RBAC model. If the role is the administrator role, the administrator role has all authority numbers, and the administrator role does not calculate the multiplication coefficient; the relationship of the administrator role to the authority need not be stored in the multiplication bitmap. If the role is a common role, the common role only has partial authority, the relation between the common role and the authority needs to be stored in the multiplication bitmap of the embodiment of the invention, and the common role delays the authority expansion operation until the authority is edited.
In the invention, the permission bitmap expansion and contraction can be dynamic expansion and contraction, so that the storage space can be greatly saved. The specific process is as follows:
according to the rule, the administrator role has all the authorities by default, and the common role has no newly-added authority by default, so that when the newly-added weighting limit is added, if the number of the newly-added authority exceeds the identification range of the existing multiplication bitmap, the multiplication bitmap record does not need to be added immediately. The role-related multiplication bitmap recording only needs to just identify the existing authority, and the processing mode can greatly save the storage space.
When a user edits the authority owned by the common role, if the authority number owned by the user is found not to be in the identification range of the existing multiplication bitmap, the multiplication bitmap is newly added for recording; and if the existing multiplication bitmap is found to exceed the identification range of the latest authority, deleting the authority bitmap record exceeding the identification range.
For example:
The list of rights numbers owned by the role with role number 2 is [11, 12, 13], assuming that the number of bits of rights identification in a single multiplied bitmap record is m =10
The multiplication bitmap for role number 2 is recorded as table 4.
TABLE 4
The user edits the role of the role number 2, the authority of the authority number 5 is added, and at the moment, the authority number list owned by the role of the role number 2 is [5, 11, 12 and 13 ]; and if the authority of the authority number 5 is not in the current multiplication bitmap identification range, adding a multiplication bitmap record and an authority bitmap record, and identifying the authority of the authority number 5.
Finally, the multiplied bitmap record for role 2 is changed to table 5.
TABLE 5
The user edits the role of the role number 2, removes the permissions of the permission numbers 11, 12, 13, and leaves only the permission of the permission number 5.
And the multiplication bitmap record with the multiplication coefficient of 1 exceeds the identification range of the latest authority, and the multiplication bitmap record with the multiplication coefficient of 1 is deleted.
Finally, the multiplication bitmap record of the character number 2 is changed to table 6.
TABLE 6
By adopting the RBAC optimization algorithm based on the multiplication bitmap in the embodiment of the invention and adopting a multiplication mode, the method can realize the above
And
the dynamic capacity expansion and capacity reduction processing mode greatly saves the storage space.
Finally, it should be noted that: the above embodiments are only preferred embodiments of the present invention to illustrate the technical solutions of the present invention, but not to limit the technical solutions, and certainly not to limit the scope of the present invention; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; the modifications or the substitutions do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention; that is, the technical problems to be solved by the present invention, which are not substantially changed or supplemented by the spirit and the concept of the main body of the present invention, are still consistent with the present invention and shall be included in the scope of the present invention; in addition, the technical scheme of the invention is directly or indirectly applied to other related technical fields, and the technical scheme is included in the patent protection scope of the invention.
Claims (8)
1. A multiplication bitmap-based RBAC optimization algorithm is characterized by comprising the following processes:
step S1, numbering each role and each authority in turn respectively, and determining the authority number set owned by each role;
step S2, setting the digit of the authority identifier, and calculating the multiplication coefficient of the authority owned by the role based on the authority number and the digit of the authority identifier;
in step S2, setting the number of bits of the single group of authority identifier as m; acquiring a permission number set corresponding to a role; dividing x-1 by m for each authority number x in the authority number set to obtain a multiplication coefficient n;
step S3, each digit of the authority identification is sequentially corresponding to the serial number of the authority, and the authority identification associated with each multiplication coefficient is converted into a corresponding authority bitmap;
in step S3, setting the number of bits of the authority identifier in the authority bitmap to m, and numbering the indexes of m identifier bits in sequence beginning with 0; dividing x-1 by m to obtain a position index i of each authority number x; marking all authority numbers x with the same symbol on the identification bit of the index i; marking the number position without the authority by another identifier on the identification bits of the rest indexes;
and step S4, based on the multiplication coefficient and the authority bitmap, expressing the multiplication coefficient, the authority number corresponding to the multiplication coefficient and the authority bitmap corresponding to the multiplication coefficient in a bitmap form, acquiring the multiplication bitmap, and storing the multiplication bitmap in a database.
2. A multiplied bitmap-based RBAC optimization algorithm as recited in claim 1, wherein the index is stored on the multiplied bitmap.
3. The multiplied bitmap-based RBAC optimization algorithm of claim 1, wherein binary system is used for privilege identification, and all privilege numbers x for owning privileges are marked with 1 on the identification bit of index i; and marking the number position without the authority by 0 on the identification bit of the rest index.
4. A multiplicative bitmap based RBAC optimization algorithm as recited in claim 3, further comprising the process of obtaining rights:
acquiring all multiplication bitmap records corresponding to roles from a database, and acquiring multiplication coefficients n of all multiplication bitmaps;
acquiring a marker under each multiplication coefficient n, and if the marker of the index i is 1, the role has the authority with the authority number of n × m + (i + 1); if the marker of index i is 0, the role does not have the authority with the authority number n × m + (i + 1).
5. A multiplication bitmap-based RBAC optimization algorithm as recited in claim 1, wherein if an administrator role, the administrator role having all authority numbers, does not calculate multiplication factors.
6. A multiplication bitmap-based RBAC optimization algorithm as recited in claim 1, further comprising an authority bitmap compression process:
step a, calculating a position index fi of a first authority number with authority based on an authority bitmap;
step b, starting from the position index fi, sequentially calculating the number of the authority numbers which continuously possess the authority or do not possess the authority,
representing the number by adopting binary system to form a continuous binary system number sequence;
step c, expressing the number sequence in the step b into a binary compression bitmap;
and d, judging whether the length of the binary system compression bitmap is larger than the length of the authority bitmap, if the length of the binary system compression bitmap is larger than the length of the authority bitmap, compressing the binary system compression bitmap, and if the length of the binary system compression bitmap is smaller than or equal to the length of the authority bitmap, compressing the binary system compression bitmap.
7. A multiplying bitmap based RBAC optimization algorithm as claimed in claim 6 wherein no compression is required and no compression is required.
8. A multiplication bitmap-based RBAC optimization algorithm as claimed in claim 6 wherein when a sequence of consecutive binary numbers is formed, if the permission bitmap ends with consecutive 0 s, there is no need to compute the number of consecutive 0 s at the tail.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210318452.9A CN114416751B (en) | 2022-03-29 | 2022-03-29 | RBAC optimization algorithm based on multiplication bitmap |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210318452.9A CN114416751B (en) | 2022-03-29 | 2022-03-29 | RBAC optimization algorithm based on multiplication bitmap |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114416751A CN114416751A (en) | 2022-04-29 |
| CN114416751B true CN114416751B (en) | 2022-07-01 |
Family
ID=81263466
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210318452.9A Active CN114416751B (en) | 2022-03-29 | 2022-03-29 | RBAC optimization algorithm based on multiplication bitmap |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114416751B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117390007B (en) * | 2023-12-08 | 2024-03-12 | 创意信息技术股份有限公司 | Method, device, equipment and storage medium for collecting large data volume duplicate removal interface data |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111950013A (en) * | 2020-08-24 | 2020-11-17 | 河南大学 | A Fast Assisted Construction Method for RBAC Roles Based on Attribute Exploration |
| CN111984949A (en) * | 2020-08-24 | 2020-11-24 | 北京达佳互联信息技术有限公司 | Authentication method, authentication device, electronic equipment and storage medium |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105389870A (en) * | 2015-10-28 | 2016-03-09 | 广州畅联信息科技有限公司 | Entrance guard management method and system |
| CN109670768A (en) * | 2018-09-27 | 2019-04-23 | 深圳壹账通智能科技有限公司 | Right management method, device, platform and the readable storage medium storing program for executing in multi-service domain |
| CN110399747A (en) * | 2019-07-18 | 2019-11-01 | 佳都新太科技股份有限公司 | A kind of user right correlating method, querying method and device |
| CN111030828B (en) * | 2019-12-19 | 2022-04-19 | 中国电建集团华东勘测设计研究院有限公司 | Authority control method and system under micro-service architecture |
| CN114244595B (en) * | 2021-12-10 | 2024-03-12 | 北京达佳互联信息技术有限公司 | Authority information acquisition method and device, computer equipment and storage medium |
-
2022
- 2022-03-29 CN CN202210318452.9A patent/CN114416751B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111950013A (en) * | 2020-08-24 | 2020-11-17 | 河南大学 | A Fast Assisted Construction Method for RBAC Roles Based on Attribute Exploration |
| CN111984949A (en) * | 2020-08-24 | 2020-11-24 | 北京达佳互联信息技术有限公司 | Authentication method, authentication device, electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114416751A (en) | 2022-04-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA1252199A (en) | Digital information signal encoding method | |
| US7246139B2 (en) | File system for enabling the restoration of a deffective file | |
| CN114416751B (en) | RBAC optimization algorithm based on multiplication bitmap | |
| CN116303374B (en) | Multi-dimensional report data optimization compression method based on SQL database | |
| JPH06243009A (en) | Method for compressing all text indexes | |
| CN116016606B (en) | Sewage treatment operation and maintenance data efficient management system based on intelligent cloud | |
| CA2770348A1 (en) | Compression of bitmaps and values | |
| CN112152634B (en) | Block compression coding method, device, computer equipment and readable storage medium | |
| CN103873868A (en) | Bitmap data compression method | |
| CN112597345A (en) | Laboratory data automatic acquisition and matching method | |
| CN111061428A (en) | Data compression method and device | |
| CN110704408A (en) | Clustering-based time sequence data compression method and system | |
| CN112632187B (en) | Attribute hiding and canceling method based on counting bloom filter | |
| CN102508690A (en) | Storing method and decoding method for command line of embedded equipment | |
| CN1048607C (en) | Method of correcting errors and erasures in digital information, and device suitable for carrying out the method | |
| CN113035278A (en) | TPBWT-based sliding window compression method based on self-indexing structure | |
| CN109658985B (en) | Redundancy removal optimization method and system for gene reference sequence | |
| CN111035381B (en) | Real-time electrocardiogram data lossless compression method | |
| CN1114209C (en) | High-speed data recording method for digital versatile disk-random access memory | |
| CN111756950B (en) | JPEG-oriented reversible information hiding method based on skip sequence | |
| CN116975006A (en) | Data deduplication method, system and medium based on disk cache and B-tree index | |
| CN113495901B (en) | Quick retrieval method for variable-length data blocks | |
| CN109544651A (en) | Data compression method, image comparison method and device for image comparison | |
| CN108763413B (en) | Data searching and positioning method based on data storage format | |
| JP3129248B2 (en) | Character string search method using two-dimensional array code |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20220429 Assignee: Yunzhu Information Technology (Chengdu) Co.,Ltd. Assignor: China Construction e-commerce Co.,Ltd. Contract record no.: X2023980032450 Denomination of invention: RBAC optimization algorithm based on multiplier bitmap Granted publication date: 20220701 License type: Common License Record date: 20230220 |
|
| EE01 | Entry into force of recordation of patent licensing contract |