Patent Application
20080022372
The UI module 302, the first transceiver module 304, and the setting module 306 are disposed in the client 30; the storage module 406, the determining module 404, the searching module 405, and the second transceiver module 402 are disposed in the server 40.
The UI module 302 receives user information from a user of the client 30 and sends the received user information to the first transceiver module 304. The user information is stored in the first transceiver module 304. The user information comprises a user name and a password corresponding to the user name. The first transceiver module 304 sends the user information to the second transceiver module 402.
The storage module 406 stores account information and user authority information corresponding to the account information therein. The account information comprises a user name and a password corresponding to the user name. The user authority information comprises menu authority information and window authority information. The menu authority information and the window authority information respectively define operational authority for users operating the menus and the windows of software installed in the client 30. The account information and the user authority information are managed by a data management system such as Oracle, SQL server, or Powerbuilder and so on. In this way, the account information and the user authority information are stored in the server 40, thereby a manager of the network system 60 can centrally manage the various users.
The determining module 404 determines whether the user information is valid. In the embodiment, the determining module 404 compares the user information with the account information to determine whether the user information is valid. If the user name and the password of the user information are respectively match those of the account information, the user information is valid. Herein, if the user information is valid, the user information is designated as valid user information. If the user information is invalid, the user cannot use the client 30. In addition, when necessary, the determining module 404 determines whether the account information of the valid user information is locked. If the account information of the valid user information is locked, the user is designated as a locked user, and the locked user cannot use the client 30.
The searching module 405 searches user authority information according to the account information and sends the searched user authority information to the second transceiver module 402. The second transceiver module 402 sends the user authority information to the first transceiver module 304.
The first transceiver module 304 receives the user authority information and stores the user authority information therein. The setting module 306 sets a user authority for the user of the client 30 according to the user authority information stored in the first transceiver module 304. In the exemplary embodiment, the user authority for the user of the client 30 refers to the authority for the user operating the menus and the windows of software installed in the client 30. The user of the client 30 operates the client 30 in light of the user authority.
The first transceiver module 304 and the second transceiver module 402 call a library function of distributed component object model (DCOM) to establish a connection between the client 30 and the server 40. The connection is based on TCP/IP protocol. In an alternative embodiment, the connection may be based on IPX/SPX protocol. The searching module 405 calls a library function of component object model (COM) to search the user authority information.
In step S300, the client 30 receives user information from a user. After the user information is received, the process proceeds to step S301.
In step S301, the client 30 sends the received user information to the server 40.
In step S303, the server 40 determines whether the user information from the client 30 is valid. In the exemplary embodiment, the server 40 compares the user information with the account information stored in the server 40 to determine whether the user information is valid. If the user name and the password of the user information respectively match those of the account information, the user information is valid. Herein, if the user information is valid, the user information is designated as valid user information. If the user information is invalid, the user cannot use the client 30. In addition, when necessary, the server 40 determines whether the account information of the valid user information is locked. If the account information of the valid user information is locked, the user is designated as a locked user, and the locked user cannot use the client 30. If the user information from the client 30 is valid, the process proceeds to step S305.
In step S305, the server 40 searches user authority information according to the user information.
If the user information from the user of the client 30 is invalid, the process proceeds to step S300, which is described above. That is, if the user information from the user of the client 30 is invalid, the client 30 is ready to receive other user information.
In step S307, the server 40 sends the searched user authority information to the client 30.
In step S309, the client 30 sets a user authority according to the searched user authority information. In this way, the user of the client 30 operates the client 30 according to the set user authority.
In step S400, the client 30 determines whether the user is allowed to operate a menu according to the searched user authority information. If the user is allowed to operate the menu, the process proceeds to step S402. Herein, if the user is allowed to operate the menu, the user is designated as a menu user.
In step S402, the client 30 determines whether the menu user is allowed to operate submenus of the menu if the user is a menu user, then the process proceeds to step S404.
If the user is not allowed to operate the menu, the process directly proceeds to step S404.
In step S404, the client 30 determines whether a determination has been made for all the menus. If not, then the process returns to step S400 described above.
If a determination has been made for all the menus, the process proceeds to the step S405.
In step S405, the client 30 determines whether the user is allowed to operate a window according to the searched user authority information. If the user is allowed to operate the window, the process proceeds to step S406. Herein, if the user is allowed to operate the window, the user is designated as a window user.
In step S406, the client 30 determines whether the window user is allowed to operate controls of the window, then the process proceeds to step S407.
If the user is not allowed to operate the window, the process directly proceeds to step S407.
In step S407, the client 30 determines whether a determination has been made for all the windows. If not, the process returns to step S405 described above.
If a determination has been made for all the windows, the process proceeds to the step S408.
In step S408, the client 30 sets a user authority according to the determinations.
With the user authority information and the account information being stored in the storage module 406 of the server 40, the user authority information and the account information are managed centrally, thus facilitating managing the account information and the user authority information, and increasing security of the network system 60.
While various embodiments and methods of the present invention have been described above, it should be understood that they have been presented by way of example only and not by way of limitation. Thus the breadth and scope of the present invention should not be limited by the above-described exemplary embodiments, but should be defined only in accordance with the following claims and their equivalents.
| Number | Date | Country | Kind |
|---|---|---|---|
| 95119640 | Jun 2006 | TW | national |
