Summary of the invention
The main purpose of the present invention is to provide a method and an apparatus for processing business system permissions, so as to solve the prior-art problem that modifying the system permissions of a business system requires modifying program code, which makes the system permissions costly to maintain.
To achieve the above purpose, according to one aspect of the present invention, a method for processing business system permissions is provided.
The processing method according to the present invention includes: receiving a first request for allocating system permissions to a user, wherein the first request carries attribute information of the user; reading first permission data corresponding to the attribute information, wherein the first permission data includes a first mapping relationship between business entities in the business system and operation permission items; and copying the first mapping relationship to the user.
Further, before reading the first permission data corresponding to the attribute information, the processing method further includes: obtaining a configuration file of the operation permission items of the business entities, wherein the operation permission items include a create operation, a modify operation, a delete operation, and a view operation; establishing an initial mapping relationship between each business entity in the business system and the operation permission items; generating multiple pieces of initial permission data based on the initial mapping relationships, wherein the initial permission data includes the first permission data; and saving the initial permission data in a database.
Further, reading the first permission data corresponding to the attribute information includes: extracting permission designation information from the attribute information; and reading, from the database, the initial permission data indicated by the permission designation information, to obtain the first permission data.
Further, after the first mapping relationship is copied to the user, the processing method further includes: receiving a second request for changing the system permissions of the user, wherein the second request carries permission information for changing the system permissions; obtaining second permission data corresponding to the permission information, wherein the initial permission data includes the second permission data, and the second permission data includes a second mapping relationship between the business entities of the business system and the operation permission items; and copying the second mapping relationship to the user.
Further, before the first mapping relationship is copied to the user, the processing method further includes: creating a permission replication class. Copying the first mapping relationship to the user includes: copying the first mapping relationship to the user through the permission replication class. Copying the second mapping relationship to the user includes: copying the second mapping relationship to the user through the permission replication class.
To achieve the above purpose, according to another aspect of the present invention, an apparatus for processing business system permissions is provided.
The processing apparatus according to the present invention includes: a first receiving module, configured to receive a first request for allocating system permissions to a user, wherein the first request carries attribute information of the user; a reading module, configured to read first permission data corresponding to the attribute information, wherein the first permission data includes a first mapping relationship between business entities in the business system and operation permission items; and a first replication module, configured to copy the first mapping relationship to the user.
Further, the processing apparatus further includes: a first obtaining module, configured to obtain, before the first permission data corresponding to the attribute information is read, a configuration file of the operation permission items of the business entities, wherein the operation permission items include a create operation, a modify operation, a delete operation, and a view operation; an establishing module, configured to establish an initial mapping relationship between each business entity in the business system and the operation permission items; a generation module, configured to generate multiple pieces of initial permission data based on the initial mapping relationships, wherein the initial permission data includes the first permission data; and a saving module, configured to save the initial permission data in a database.
Further, the reading module includes: an extraction module, configured to extract permission designation information from the attribute information; and a reading submodule, configured to read, from the database, the initial permission data indicated by the permission designation information, to obtain the first permission data.
Further, the processing apparatus further includes: a second receiving module, configured to receive, after the first mapping relationship is copied to the user, a second request for changing the system permissions of the user, wherein the second request carries permission information for changing the system permissions; a second obtaining module, configured to obtain second permission data corresponding to the permission information, wherein the initial permission data includes the second permission data, and the second permission data includes a second mapping relationship between the business entities of the business system and the operation permission items; and a second replication module, configured to copy the second mapping relationship to the user.
Further, the processing apparatus further includes: a creation module, configured to create a permission replication class before the first mapping relationship is copied to the user. The first replication module includes a first replication submodule, configured to copy the first mapping relationship to the user through the permission replication class. The second replication module includes a second replication submodule, configured to copy the second mapping relationship to the user through the permission replication class.
With the embodiments of the present invention, after the first request for allocating system permissions to a user is received, the first permission data corresponding to the attribute information in the first request is read, and the first mapping relationship between business entities and operation permission items in the first permission data is then copied to the user, thereby allocating system permissions of the business system to the user. In the embodiments of the present invention, by reading the permission data corresponding to the user's attribute information and copying the mapping relationship in that permission data to the user, the mapping relationship between business entities and operation permission items can be copied to the user automatically, and permissions are allocated to or modified for the user by copying mapping relationships. This avoids the prior-art need to modify program code when a user's system permissions are modified, simplifies the allocation of system permissions of the business system, and reduces the cost of maintaining system permissions. The embodiments of the present invention thus solve the prior-art problem that modifying program code when modifying the system permissions of a business system makes the system permissions costly to maintain, and achieve the effect of automatically copying the mapping relationship between business entities and operation permission items to the user without modifying program code.
Specific embodiment
To enable those skilled in the art to better understand the solution of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative work shall fall within the scope of protection of the present invention.
It should be noted that the terms "first", "second", and the like in the description, the claims, and the above drawings of the present invention are used to distinguish similar objects, not to describe a particular order or sequence. It should be understood that data used in this way are interchangeable under appropriate circumstances, so that the embodiments of the present invention described herein can be implemented in orders other than those illustrated or described herein. In addition, the terms "include" and "have" and any variations of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product, or device that contains a series of steps or units is not necessarily limited to the steps or units explicitly listed, but may include other steps or units that are not explicitly listed or that are inherent to the process, method, product, or device.
It should be noted that, where no conflict arises, the embodiments of the present application and the features in the embodiments can be combined with one another. The present invention is described in detail below with reference to the drawings and in conjunction with the embodiments.
Fig. 1 is a flowchart of a method for processing business system permissions according to an embodiment of the present invention. As shown in Fig. 1, the processing method may include the following steps S102 to S106:
Step S102: receive a first request for allocating system permissions to a user.
The first request carries attribute information of the user.
Step S104: read first permission data corresponding to the attribute information.
The first permission data includes a first mapping relationship between the business entities of the business system and operation permission items.
Step S106: copy the first mapping relationship to the user.
With the embodiments of the present invention, after the first request for allocating system permissions to a user is received, the first permission data corresponding to the attribute information in the first request is read, and the first mapping relationship between business entities and operation permission items in the first permission data is then copied to the user, thereby allocating system permissions of the business system to the user. In the embodiments of the present invention, by reading the permission data corresponding to the user's attribute information and copying the mapping relationship in that permission data to the user, the mapping relationship between business entities and operation permission items can be copied to the user automatically, and permissions are allocated to or modified for the user by copying mapping relationships. This avoids the prior-art need to modify program code when a user's system permissions are modified, simplifies the allocation of system permissions of the business system, and reduces the cost of maintaining system permissions. The embodiments of the present invention thus solve the prior-art problem that modifying program code when modifying the system permissions of a business system makes the system permissions costly to maintain, and achieve the effect of automatically copying the mapping relationship between business entities and operation permission items to the user without modifying program code.
In the above embodiment of the present invention, the minimum permission granularity that the business system can manage is refined from the functional module used in the prior art down to the business entity. System permissions of the business system are allocated to the user by copying the mapping relationship between business entities and operation permission items to the user, which solves the prior-art problem that coarse-grained system permissions make the business system insecure, so that the permission management of the business system is more precise and the security of the business system is improved.
In the above embodiment, functional modules may be the functional blocks into which the business system is divided according to its specific functions, each block being defined as one functional module; for example, an advertising management system can be divided into functional modules such as a delivery management module, a data center module, and a report center module. Business entities may be the business objects involved in the business system; for example, an advertising management system may involve business objects such as advertisements, projects, and advertisers, and these business objects are the business entities in the above embodiment.
According to the above embodiment of the present invention, before reading the first permission data corresponding to the attribute information, the processing method may further include: obtaining a configuration file of the operation permission items of the business entities, wherein the operation permission items include a create operation, a modify operation, a delete operation, and a view operation; establishing an initial mapping relationship between each business entity in the business system and the operation permission items; generating multiple pieces of initial permission data based on the initial mapping relationships, wherein the initial permission data includes the first permission data; and saving the initial permission data in a database.
Specifically, the configuration file of the operation permission items of the business entities is obtained, the initial mapping relationship between each business entity in the business system and the operation permission items is established according to the configuration file, and multiple pieces of initial permission data are then generated based on the initial mapping relationships and saved in the database.
Optionally, the initial permission data can serve as permission templates, stored either in a configuration file or in the database.
Further, reading the first permission data corresponding to the attribute information may include: extracting permission designation information from the attribute information; and reading, from the database, the initial permission data indicated by the permission designation information.
Specifically, after the permission designation information, which designates the system permissions of the user, is extracted from the user's attribute information, the initial permission data corresponding to the permission designation information is read from the database, and the permission data that was read is then used as the first permission data corresponding to the user's attribute information.
Through the above embodiment of the present invention, before the first permission data is read, different initial permission data is generated according to the different initial mapping relationships between business entities and operation permission items in the business system. By automatically copying different permission data to different users, the prior-art need to modify program code when allocating system permissions to a user is avoided, the operation of allocating system permissions is simplified, and system permissions are allocated intelligently.
In the above embodiment of the present invention, after the first mapping relationship is copied to the user, the processing method may further include: receiving a second request for changing the system permissions of the user, wherein the second request carries permission information for changing the system permissions; obtaining second permission data corresponding to the permission information, wherein the initial permission data includes the second permission data, and the second permission data includes a second mapping relationship between the business entities of the business system and the operation permission items; and copying the second mapping relationship to the user.
Specifically, after the first mapping relationship has been copied to the user, the user's system permissions can be changed by obtaining the second permission data corresponding to the permission information for changing the system permissions in the received second request, and copying the second mapping relationship in the second permission data to the user.
Further, before the first mapping relationship is copied to the user, the processing method may further include: creating a permission replication class. Copying the first mapping relationship to the user may include: copying the first mapping relationship to the user through the permission replication class. Copying the second mapping relationship to the user may include: copying the second mapping relationship to the user through the permission replication class.
Specifically, the permission replication class (i.e., the permission reproducer class) can copy different mapping relationships to users. That is, when a new user is created, the permission replication class can be used to copy the first mapping relationship in the first permission data corresponding to the user's attribute information to the new user, thereby allocating system permissions to the new user; when a user's system permissions are changed, the permission replication class can be used to copy the second mapping relationship in the second permission data corresponding to the permission information for changing the system permissions to the user, thereby changing the user's system permissions.
Through the above embodiment of the present invention, when a new user of the business system is created or the system permissions of a user of the business system are changed, different permission templates (i.e., the initial permission data of the above embodiment) can be created, and the permission replication class automatically copies the mapping relationship between business entities and operation permission items in a permission template to the user. No manual modification of program code is needed, which achieves intelligent permission maintenance and reduces the maintenance cost of business system permissions.
Fig. 2 is a flowchart of an optional method for processing business system permissions according to an embodiment of the present invention. As shown in Fig. 2, the processing method may include the following steps:
Step S202: create a configuration file that defines the operation permission items of the business entities.
The operation permission items may include a create operation, a modify operation, a delete operation, and a view operation.
Step S204: create the permission templates of the business system.
A permission template may be a configuration file and contains the mapping relationship between entities and operation permission items. The permission template in this embodiment is the initial permission data of the above embodiment.
Step S206: create the permission reproducer class.
The permission reproducer class is the permission replication class of the above embodiment and is used to copy the mapping relationship in a permission template to a user.
Step S208: create a user and designate a permission template for the user.
Step S210: the permission reproducer class copies the mapping relationship in the designated permission template to the user.
Specifically, before a new user of the business system is created, a configuration file defining the operation permission items of the business entities is created, so that the create, modify, delete, and view operations can be performed on the business entities. The permission templates of the business system are then created according to the configuration file of the operation permission items and stored in the database in the form of configuration files, and a permission reproducer class is created for copying the mapping relationship in a permission template to a user. When a user is created, the permission reproducer class is used to copy the mapping relationship between business entities and operation permission items in the permission template designated for the user to the user, so that the newly created user has the same mapping relationship between business entities and operation permission items as the permission template.
It should be further noted that multiple permission templates can be created in the business system as needed. To modify a user's system permissions, it is only necessary to use the permission reproducer class to re-designate the permission template associated with the user and copy the mapping relationship in the re-designated permission template to the user. This avoids the prior-art problem that program code must be modified before a user's system permissions can be changed.
Through the above embodiment of the present invention, the business entity in the business system is used as the unit of permission management. By configuring the operation permission items of the business entities and creating permission templates for the business entities, and by having the permission reproducer class automatically copy the mapping relationship between business entities and operation permission items in a permission template to the user, system permissions are allocated to users automatically, and the operation is simple.
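An added example (not code from the patent) of steps S202 to S210 and of the later permission change. The template names, entity names, request fields, and all Python class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional

# S202: operation permission items, as they would be loaded from the
# configuration file (constructed sample values).
OPERATION_ITEMS = frozenset({"create", "modify", "delete", "view"})

# Business entities of a constructed advertising management system.
BUSINESS_ENTITIES = frozenset({"advertisement", "project", "advertiser"})

# S204: permission templates (the "initial permission data"). Each maps a
# business entity to its operation permission items. Names are hypothetical.
PERMISSION_TEMPLATES = {
    "ad_operator": {
        "advertisement": {"create", "modify", "view"},
        "project": {"view"},
    },
    "auditor": {
        "advertisement": {"view"},
        "project": {"view"},
        "advertiser": {"view"},
    },
}


def validate_template(name, mapping):
    """Reject a template that names an entity or operation the config lacks."""
    for entity, operations in mapping.items():
        if entity not in BUSINESS_ENTITIES:
            raise ValueError(f"{name}: unknown business entity {entity!r}")
        unknown = set(operations) - OPERATION_ITEMS
        if unknown:
            raise ValueError(f"{name}: unknown operation items {sorted(unknown)}")


@dataclass
class User:
    name: str
    template: Optional[str] = None
    # entity -> operation items; an empty dict means no permissions at all.
    permissions: Dict[str, FrozenSet[str]] = field(default_factory=dict)

    def is_allowed(self, entity, operation):
        """Deny by default: only a copied mapping entry grants access."""
        return operation in self.permissions.get(entity, frozenset())


class PermissionReplicator:
    """S206: copies a template's entity/operation mapping to a user."""

    def __init__(self, templates):
        for name, mapping in templates.items():
            validate_template(name, mapping)
        self._templates = templates

    def copy_to(self, user, template_name):
        if template_name not in self._templates:
            raise KeyError(f"no such permission template: {template_name!r}")
        mapping = self._templates[template_name]
        # Replace rather than merge, so grants from a previous template do
        # not survive a change; the frozenset copies keep the user's mapping
        # independent of later edits to the template.
        user.permissions = {e: frozenset(ops) for e, ops in mapping.items()}
        user.template = template_name
        return user


def handle_first_request(replicator, request):
    """S102-S106 / S208-S210: create the user, copy the designated template."""
    user = User(name=request["name"])
    return replicator.copy_to(user, request["template"])


def handle_second_request(replicator, user, request):
    """Change an existing user's permissions by copying another template."""
    return replicator.copy_to(user, request["template"])


if __name__ == "__main__":
    replicator = PermissionReplicator(PERMISSION_TEMPLATES)
    alice = handle_first_request(
        replicator, {"name": "alice", "template": "ad_operator"})
    print(alice.template, alice.is_allowed("advertisement", "modify"))
    handle_second_request(replicator, alice, {"template": "auditor"})
    print(alice.template, alice.is_allowed("advertisement", "modify"))
```

Because the mapping is copied rather than referenced, tightening a template in this example does not change users who already received a copy; their permissions change only when a template is copied to them again.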
It should be noted that the steps shown in the flowcharts of the drawings can be executed in a computer system, for example as a set of computer-executable instructions, and that although a logical order is shown in the flowcharts, in some cases the steps shown or described can be executed in an order different from the one given here.
Fig. 3 is a schematic diagram of an apparatus for processing business system permissions according to an embodiment of the present invention. As shown in Fig. 3, the processing apparatus may include: a first receiving module 10, configured to receive a first request for allocating system permissions to a user, wherein the first request carries attribute information of the user; a reading module 30, configured to read first permission data corresponding to the attribute information, wherein the first permission data includes a first mapping relationship between business entities in the business system and operation permission items; and a first replication module 50, configured to copy the first mapping relationship to the user.
With the embodiments of the present invention, after the first request for allocating system permissions to a user is received, the first permission data corresponding to the attribute information in the first request is read, and the first mapping relationship between business entities and operation permission items in the first permission data is then copied to the user, thereby allocating system permissions of the business system to the user. In the embodiments of the present invention, by reading the permission data corresponding to the user's attribute information and copying the mapping relationship in that permission data to the user, the mapping relationship between business entities and operation permission items can be copied to the user automatically, and permissions are allocated to or modified for the user by copying mapping relationships. This avoids the prior-art need to modify program code when a user's system permissions are modified, simplifies the allocation of system permissions of the business system, and reduces the cost of maintaining system permissions. The embodiments of the present invention thus solve the prior-art problem that modifying program code when modifying the system permissions of a business system makes the system permissions costly to maintain, and achieve the effect of automatically copying the mapping relationship between business entities and operation permission items to the user without modifying program code.
In the above embodiment of the present invention, the minimum permission granularity that the business system can manage is refined from the functional module used in the prior art down to the business entity. System permissions of the business system are allocated to the user by copying the mapping relationship between business entities and operation permission items to the user, which solves the prior-art problem that coarse-grained system permissions make the business system insecure, so that the permission management of the business system is more precise and the security of the business system is improved.
In the above embodiment, functional modules may be the functional blocks into which the business system is divided according to its specific functions, each block being defined as one functional module; for example, an advertising management system can be divided into functional modules such as a delivery management module, a data center module, and a report center module. Business entities may be the business objects involved in the business system; for example, an advertising management system may involve business objects such as advertisements, projects, and advertisers, and these business objects are the business entities in the above embodiment.
According to the above embodiment of the present invention, the processing apparatus may further include: a first obtaining module, configured to obtain, before the first permission data corresponding to the attribute information is read, a configuration file of the operation permission items of the business entities, wherein the operation permission items include a create operation, a modify operation, a delete operation, and a view operation; an establishing module, configured to establish an initial mapping relationship between each business entity in the business system and the operation permission items; a generation module, configured to generate multiple pieces of initial permission data based on the initial mapping relationships, wherein the initial permission data includes the first permission data; and a saving module, configured to save the initial permission data in a database.
Specifically, the configuration file of the operation permission items of the business entities is obtained, the initial mapping relationship between each business entity in the business system and the operation permission items is established according to the configuration file, and multiple pieces of initial permission data are then generated based on the initial mapping relationships and saved in the database.
Optionally, the initial permission data can serve as permission templates, stored either in a configuration file or in the database.
Further, the reading module may include: an extraction module, configured to extract permission designation information from the attribute information; and a reading submodule, configured to read, from the database, the initial permission data indicated by the permission designation information, to obtain the first permission data.
Specifically, after the permission designation information, which designates the system permissions of the user, is extracted from the user's attribute information, the initial permission data corresponding to the permission designation information is read from the database, and the permission data that was read is then used as the first permission data corresponding to the user's attribute information.
Through the above embodiment of the present invention, before the first permission data is read, different initial permission data is generated according to the different initial mapping relationships between business entities and operation permission items in the business system. By automatically copying different permission data to different users, the prior-art need to modify program code when allocating system permissions to a user is avoided, the operation of allocating system permissions is simplified, and system permissions are allocated intelligently.
In the above embodiment of the present invention, the processing apparatus may further include: a second receiving module, configured to receive, after the first mapping relationship is copied to the user, a second request for changing the system permissions of the user, wherein the second request carries permission information for changing the system permissions; a second obtaining module, configured to obtain second permission data corresponding to the permission information, wherein the initial permission data includes the second permission data, and the second permission data includes a second mapping relationship between the business entities of the business system and the operation permission items; and a second replication module, configured to copy the second mapping relationship to the user.
Specifically, after the first mapping relationship has been copied to the user, the user's system permissions can be changed by obtaining the second permission data corresponding to the permission information for changing the system permissions in the received second request, and copying the second mapping relationship in the second permission data to the user.
Further, the processing apparatus may further include: a creation module, configured to create a permission replication class before the first mapping relationship is copied to the user. The first replication module includes a first replication submodule, configured to copy the first mapping relationship to the user through the permission replication class. The second replication module includes a second replication submodule, configured to copy the second mapping relationship to the user through the permission replication class.
Specifically, the permission replication class (i.e., the permission reproducer class) can copy different mapping relationships to users. That is, when a new user is created, the permission replication class can be used to copy the first mapping relationship in the first permission data corresponding to the user's attribute information to the new user, thereby allocating system permissions to the new user; when a user's system permissions are changed, the permission replication class can be used to copy the second mapping relationship in the second permission data corresponding to the permission information for changing the system permissions to the user, thereby changing the user's system permissions.
Through the above embodiment of the present invention, when a new user of the business system is created or the system permissions of a user of the business system are changed, different permission templates (i.e., the initial permission data of the above embodiment) can be created, and the permission replication class automatically copies the mapping relationship between business entities and operation permission items in a permission template to the user. No manual modification of program code is needed, which achieves intelligent permission maintenance and reduces the maintenance cost of business system permissions.
The modules provided in this embodiment are used in the same way as the corresponding steps of the method embodiment, and their application scenarios may also be the same. Of course, it should be noted that the solutions involving the above modules are not limited to the content and scenarios of the above embodiments, and that the above modules may run on a terminal or a mobile terminal and may be implemented in software or in hardware.
It can be seen from the above description that the present invention achieves the following technical effects:
With the embodiments of the present invention, after the first request for allocating system permissions to a user is received, the first permission data corresponding to the attribute information in the first request is read, and the first mapping relationship between business entities and operation permission items in the first permission data is then copied to the user, thereby allocating system permissions of the business system to the user. In the embodiments of the present invention, by reading the permission data corresponding to the user's attribute information and copying the mapping relationship in that permission data to the user, the mapping relationship between business entities and operation permission items can be copied to the user automatically, and permissions are allocated to or modified for the user by copying mapping relationships. This avoids the prior-art need to modify program code when a user's system permissions are modified, simplifies the allocation of system permissions of the business system, and reduces the cost of maintaining system permissions. The embodiments of the present invention thus solve the prior-art problem that modifying program code when modifying the system permissions of a business system makes the system permissions costly to maintain, and achieve the effect of automatically copying the mapping relationship between business entities and operation permission items to the user without modifying program code.
Obviously, those skilled in the art should understand that the modules or steps of the present invention described above can be implemented with a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; or they can each be made into an individual integrated circuit module, or multiple modules or steps among them can be made into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above are only preferred embodiments of the present invention and are not intended to limit the present invention. For those skilled in the art, the present invention may have various modifications and changes. Any modification, equivalent replacement, improvement, or the like made within the spirit and principles of the present invention shall be included in the scope of protection of the present invention.