Journal of Information Security Research ›› 2021, Vol. 7 ›› Issue (11): 1047-.

Unified Authority Management Scheme in Zero Trust Architecture 

  

  • Online: 2021-11-07 Published: 2021-11-05


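Tu Zengying

  1. (Midea Group, Foshan, Guangdong 528311)
  • Corresponding author: Tu Zengying, engineer. Main research interests: identity and access management, zero trust technology. zengying.tu@midea.com
  • About the author: Tu Zengying, engineer. Main research interests: identity and access management, zero trust technology. zengying.tu@midea.com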

Abstract: Zero trust security architecture is overturning people's perception of enterprise security. Its central idea is "continuous verification, never trust", which places additional requirements on the subject, object and time of authentication and authorization. This paper discusses, from the perspective of authority management, how to quickly achieve unified authority management and control in a zero trust setting. An investigation and analysis of many enterprises shows that functional authority and data authority are the most common dimensions of authority management in enterprises. On this basis, a universal and highly flexible unified authority platform can be designed to centrally manage the authority data of each enterprise information system, achieve efficient control of authority under the zero trust architecture, and ensure data security and business security.

Key words: zero trust, authority management, unified authority, authority object, digitalization
