Mass data authority control strategy based on combination of blacklist and whitelist

The invention relates to a mass data authority control strategy based on combination of a blacklist and a whitelist. The strategy comprises the following steps: pre-storing an organization table, an user access authority table and a resource information table through a server, wherein the user access authority table is of a multi-level resource set structure and is divided into authority increase and authority decrease, the authority provided for some source means authority increase, otherwise authority decrease is shown; sending an account number and a password input by a user to the server by a client for verifying when the user logs in through the client; inquiring the authority of the user through the user access authority table after passing the verifying, and generating the backlist and the whitelist, wherein the blacklist corresponds to the authority decrease, and the whitelist corresponds to the authority increase; obtaining the resource authority of the user according to the blacklist and the whitelist, and loading the corresponding resource. With the adoption of the strategy, the data quantity of the authority table can be greatly decreased for the resource at tens of thousands of levels; any new resource can be added to the resource set, and all resources can be authorized without changing the authority table, and therefore, the user authority can be flexibly managed.