CN109831322B - Multi-system account permission centralized management method, equipment and storage medium - Google Patents

Multi-system account permission centralized management method, equipment and storage medium Download PDF

Info

Publication number
CN109831322B
CN109831322B CN201910033977.6A CN201910033977A CN109831322B CN 109831322 B CN109831322 B CN 109831322B CN 201910033977 A CN201910033977 A CN 201910033977A CN 109831322 B CN109831322 B CN 109831322B
Authority
CN
China
Prior art keywords
server
account
information
request information
account number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910033977.6A
Other languages
Chinese (zh)
Other versions
CN109831322A (en
Inventor
邢志超
赵金水
余成伟
彭伶珊
王天淼
丁妍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd filed Critical China United Network Communications Group Co Ltd
Priority to CN201910033977.6A priority Critical patent/CN109831322B/en
Publication of CN109831322A publication Critical patent/CN109831322A/en
Application granted granted Critical
Publication of CN109831322B publication Critical patent/CN109831322B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

The embodiment of the invention provides a method, equipment and a storage medium for centralized management of multi-system account number permissions. The account request information is generated through a first server and comprises account real-name system information and account permission information, the account request information is sent to a second server, the second server checks the account request information, if the account request information is checked by the second server, the first server receives first prompt information sent by the second server and executes account adding operation according to the first prompt information, and after the account adding operation is executed, first feedback information is sent to the second server, so that the second server verifies the added account and the account permission information, and effective management of multi-system multi-account permission information is achieved.

Description

Multi-system account permission centralized management method, equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of communication, in particular to a method, equipment and a storage medium for centralized management of multi-system account number permissions.
Background
With the continuous expansion of network scale, network services are more and more complex, daily work based on network operation and maintenance is more and more complex, more and more systems are built, and a person has a plurality of system accounts and applies for a certain system account to know who to find; meanwhile, along with the development of services, the safety management of daily operation and maintenance is continuously improved, and different access authorities need to be configured for different role personnel, so that the safety and effectiveness of information access are guaranteed.
In the existing management, the same person has different account numbers in different systems, and the same person has different account numbers in the same system; and many accounts have no corresponding users, so that a large amount of account redundancy is caused, and a great trouble is brought to the account management work of the system, but a method for effectively managing the user accounts with different access rights of each system is lacked.
Disclosure of Invention
The embodiment of the invention provides a method, equipment and a storage medium for centralized management of multi-system account permission, which are used for realizing effective management of multi-system multi-account permission information.
In a first aspect, an embodiment of the present invention provides a method for centrally managing permissions of multiple system accounts, where the method includes:
the method comprises the steps that a first server generates account request information, wherein the account request information comprises account real-name information and account permission information;
the first server sends the account request information to a second server so that the second server stores the account request information and verifies the account request information;
when the second server passes the account request information verification, the first server receives first prompt information sent by the second server, wherein the first prompt information is used for prompting the first server to perform account adding operation;
after the account adding operation is executed, the first server sends first feedback information to the second server, wherein the first feedback information is used for indicating that the account adding operation is completed by the first server, so that the second server verifies the newly added account and the authority information of the account.
In a second aspect, an embodiment of the present invention provides a server, including:
a memory;
a processor;
a communication interface; and a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
generating account request information, wherein the account request information comprises account real-name information and account authority information;
sending the account request information to a second server through the communication interface so that the second server stores the account request information and verifies the account request information;
when the second server passes the verification of the account request information, receiving first prompt information sent by the second server through the communication interface, wherein the first prompt information is used for prompting the server to perform account adding operation;
after the account number adding operation is executed, first feedback information is sent to the second server through the communication interface, and the first feedback information is used for indicating that the server has completed the account number adding operation, so that the second server verifies the added account number and the authority information of the account number.
In a third aspect, an embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the method in the first aspect.
The embodiment of the invention provides a method, equipment and a storage medium for centralized management of multi-system account number permission. Generating new account request information through a first server, wherein the new account request information comprises a new account and real-name system information; sending the request information of the newly added account to a second server so that the second server can check the newly added account; if the second server passes the verification of the newly added account, storing the account information and informing the verification result of the first server through the communication interface; the first server adds an account number as required and informs an account number manager of a second server through a communication interface; the second server of the account manager verifies the authority information of the newly added account and the request account in the first server; the method and the device realize effective management of multi-system multi-account authority information.
Drawings
Fig. 1 is a flowchart of a centralized management method for permissions of multiple system accounts according to an embodiment of the present invention;
fig. 2 is a flowchart of a centralized management method for permissions of multiple system accounts according to an embodiment of the present invention;
fig. 3 is a flowchart of a centralized management method for permissions of multiple system accounts according to an embodiment of the present invention;
fig. 4 is a flowchart of a centralized management method for permissions of multiple system accounts according to another embodiment of the present invention;
fig. 5 is a flowchart of a centralized management method for permissions of multiple system accounts according to another embodiment of the present invention;
fig. 6 is a flowchart of a centralized management method for permissions of multiple system accounts according to another embodiment of the present invention;
fig. 7 is a flowchart of a centralized management method for permissions of multiple system accounts according to another embodiment of the present invention;
fig. 8 is a schematic diagram illustrating a centralized management method for permissions of multiple system accounts according to another embodiment of the present invention;
fig. 9 is a flowchart of a centralized management method for permissions of multiple system accounts according to another embodiment of the present invention;
fig. 10 is a flowchart of a centralized management method for permissions of multiple system accounts according to another embodiment of the present invention;
fig. 11 is a schematic structural diagram of a server according to an embodiment of the present invention.
With the foregoing drawings in mind, certain embodiments of the disclosure have been shown and described in more detail below. These drawings and written description are not intended to limit the scope of the disclosed concepts in any way, but rather to illustrate the concepts of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
With the continuous expansion of network scale, network services are more and more complex, daily work based on network operation and maintenance is more and more complex, more and more systems are built, and a person has a plurality of system accounts and applies for a certain system account to know who to find; meanwhile, along with the development of services, the safety management of daily operation and maintenance is continuously improved, and different access authorities need to be configured for different role personnel, so that the safety and effectiveness of information access are guaranteed.
The method and the system mainly configure different user groups of the internal and external network users through the authority management of the sub-role, so that different access authorities are inherited, and the user management of the sub-authority and sub-domain is realized. Meanwhile, unified management of personnel information is achieved through real-name management, a real-name system is required before account numbers are added, the account numbers are associated with the real-name system information, the account numbers corresponding to all systems are deleted in the real-name system, domain division is carried out on personnel in the real-name system, the real-name system is in the region, the account numbers applied by the personnel can only access the function of the region, and the validity and the safety of the account numbers are guaranteed.
The objects of centralized authentication application comprise internal operation and maintenance personnel, external generation and maintenance personnel, broadband outsourcing personnel and the like, and the system is required to be provided with control supporting internal and external personnel to use different modules. Meanwhile, the functions of the internal user and the external user should be physically isolated (i.e., the external person uses an interworking network access system, the internal person uses a unicom internal network access system, and the functions of the two access systems are different according to business needs), so as to facilitate the security and management of the system usage.
Requirements for use of internal and external network functions: the intranet user can log in the function in the use authority of the intranet system, and the intranet user can log in the function in the use authority of the extranet system; the user of the external network can log in the function in the use authority of the external network system.
The system realizes the authority authentication of the internal and external network users according to the requirements, and simultaneously supports the application requirements of the internal and external network isolation from the deployment of the equipment server of the system.
The system can perform security verification on the password set by the user; and the system should set validity period (validity period is set to three months) for each password, the password which is about to pass the validity period should be given to the user for prompting and modifying the password, and the password modified by the user cannot be the password used within two years.
The system can perform authority verification on the resources accessed by the login user, and the user can only access the related resources in the authority.
The system carries out electronic process management and control on addition, deletion and account change of different accounts, and real-name management on personnel information applying for temporary accounts is required. The account management process mainly comprises an account adding process, an account deleting process, an account changing process, an account password resetting process, an account checking process and the like.
The system sets different account number management personnel according to the region and is responsible for maintaining the real-name information in the region and applying for maintaining the account number authority request in the region; and meanwhile, system maintenance personnel are set according to the system and are responsible for maintaining the role account of the system and solving the function information.
The invention provides a centralized management method for multi-system account number permissions, and aims to solve the technical problems in the prior art.
The following describes the technical solutions of the present invention and how to solve the above technical problems with specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present invention will be described below with reference to the accompanying drawings.
Fig. 1 is a flowchart of a centralized management method for permissions of multiple system accounts according to an embodiment of the present invention. The embodiment of the invention provides a centralized management method for multi-system account number permissions, aiming at the technical problems in the prior art, and the method comprises the following specific steps:
step 101, a first server generates account request information, wherein the account request information comprises account real-name information and account authority information.
In this embodiment, the first server may specifically be each application system server, for example, a server of the operation and maintenance integrated management system use department shown in fig. 2, and the second server may specifically be an account centralized management server, for example, a server of the operation and maintenance integrated management system maintenance department shown in fig. 2.
Specifically, the first server generates account request information, where the account request information may include: adding an account number, real-name system information, an applicant contact way, an application system, authority information and the like. The account request information needs to be checked by the second server to ensure that the newly added account is in a real-name system, the information of the account request information is complete, and the authority applied by the account request information meets the management requirement.
And 102, the first server sends the account request information to a second server so that the second server stores the account request information and verifies the account request information.
Specifically, the first server sends the account request information to the second server, so that the second server checks the account request information.
Step 103, when the second server passes the audit of the account request information, the first server receives first prompt information sent by the second server, where the first prompt information is used to prompt the first server to perform an account adding operation.
And if the second server passes the verification of the account request information, the second server sends first prompt information to the first server, wherein the first prompt information is used for prompting the first server to perform account adding operation.
And step 104, after executing the account adding operation, the first server sends first feedback information to the second server, where the first feedback information is used to indicate that the first server has completed the account adding operation, so that the second server verifies the newly added account and the authority information of the account.
And after receiving the first prompt message, the first server executes account number adding operation, specifically, creates a new account number and configures authority for the new account number. After the first server finishes the account adding operation, first feedback information is sent to the second server, the first feedback information is used for indicating that the first server finishes the account adding operation, in addition, the first feedback information can also comprise a newly added account of the first server and authority information of the account, and after the second server receives the first feedback information, the newly added account and the authority information of the account are verified. If the second server fails to verify the new account and the authority information of the account, the second server can also send the new account and the authority information of the account to the first server, so that the first server can execute account adding operation again.
The account request information is generated through a first server and comprises account real-name system information and account permission information, the account request information is sent to a second server, the second server checks the account request information, if the account request information is checked by the second server, the first server receives first prompt information sent by the second server and executes account adding operation according to the first prompt information, and after the account adding operation is executed, first feedback information is sent to the second server, so that the second server verifies the added account and the account permission information, and effective management of multi-system multi-account permission information is achieved.
Fig. 3 is a flowchart of a centralized management method for permissions of multiple system accounts according to an embodiment of the present invention. The embodiment of the invention provides a centralized management method for multi-system account number permissions, aiming at the technical problems in the prior art, and the method comprises the following specific steps:
step 301, the first server generates account request information, where the account request information includes account real-name information and account permission information.
In this embodiment, the first server may specifically be a server of a use department of the operation and maintenance integrated management system shown in fig. 3, the second server may specifically be a server of a maintenance department of the operation and maintenance integrated management system shown in fig. 3, and the third server may specifically be a server of an expert group shown in fig. 3.
An IT administrator of a use department of the operation and maintenance integrated management system generates new account request information through a first server, wherein the new account request information can comprise: adding an account number, real-name system information, an applicant contact way, an application system, authority information and the like. The newly added account request information needs to be subjected to three-level leader audit of the department and two-level leader audit of the department so as to ensure that the newly added account is in a real-name system, the information of the newly added account request information is complete, and the authority applied by the newly added account request information meets the management requirement.
Step 302, the first server sends the account request information to a second server, so that the second server stores the account request information and verifies the account request information.
And the first server sends the request information of the new account to the second server so as to be convenient for the administrator of the operation and maintenance integrated management system to check.
Step 303, when the second server passes the audit of the account request information, the first server receives first prompt information sent by the second server, where the first prompt information is used to prompt the first server to perform an account adding operation.
And if the operation and maintenance integrated management system administrator passes the verification, the second server automatically completes the creation and authority allocation work of the newly added account, the administrator fills a feedback sheet, the feedback sheet comprises the newly added account and the authority information of the newly added account, and the second server sends the feedback sheet to the first server.
Step 304, after executing the account adding operation, the first server sends first feedback information to the second server, where the first feedback information is used to indicate that the first server has completed the account adding operation, so that the second server verifies the added account and the authority information of the account.
And after receiving the feedback list, the first server verifies the newly added account number and the authority information of the newly added account number in the feedback list, if the verification is passed, the flow is filed, and if the verification is not passed, the first server returns the feedback list to the second server, so that the operation and maintenance comprehensive management system administrator can perform the operation of creating the newly added account number and assigning the authority again through the second server.
Step 305, if the second server fails to check the account request information, the first server sends arbitration application information to a third server, so that the third server arbitrates the account request information.
And if the audit of the operation and maintenance integrated management system administrator is not passed, the first server determines whether arbitration is applied, and if the first server does not apply arbitration, the process archiving is carried out. If the first server determines to apply for arbitration, the first server sends arbitration application information to the third server, for example, a newly added account applicant can fill an arbitration request form, the first server sends the arbitration request form to the third server, and the third server starts an arbitration process.
The account request information is generated through a first server and comprises account real-name system information and account permission information, the account request information is sent to a second server, the second server checks the account request information, if the account request information is checked by the second server, the first server receives first prompt information sent by the second server and executes account adding operation according to the first prompt information, and after the account adding operation is executed, first feedback information is sent to the second server, so that the second server verifies the added account and the account permission information, and effective management of multi-system multi-account permission information is achieved.
Fig. 4 is a flowchart of a centralized management method for permissions of multiple system accounts according to another embodiment of the present invention. On the basis of the foregoing embodiment, the account processing method provided in this embodiment specifically includes the following steps:
step 401, the first server generates account deletion request information.
In this embodiment, the first server may specifically be a server of a use department of the operation and maintenance integrated management system shown in fig. 5, the second server may specifically be a server of a maintenance department of the operation and maintenance integrated management system shown in fig. 5, and the third server may specifically be a server of an expert group shown in fig. 5.
Due to the fact that the position of the personnel changes, the account number of the personnel with the changed position needs to be deleted, and the administrator of the use department of the operation and maintenance integrated management system generates account number deleting or freezing request information through the first server. The account deletion or freeze request information may also indicate to which maintenance department the account deletion or freeze request information needs to be sent, for example, the account deletion or freeze request information indicates that the account deletion request information needs to be sent to a server of the operation and maintenance integrated management system maintenance department, that is, a second server. Optionally, the account deletion or freeze request information may include: the account number to be deleted or frozen and the authority information corresponding to the account number. Optionally, the account deletion or freezing request information needs to be subjected to third-level leader review and second-level leader review by the department to ensure that the deleted or frozen account is in a real-name system, the information of the account deletion or freezing request information is complete, and the authority of the account conforms to the management requirement.
Step 402, the first server sends the account deletion request information to a second server, so that the second server stores the account deletion request information and verifies the account deletion request information.
After the account deleting or freezing request information is subjected to the third-level leader audit and the second-level leader audit of the department, the first server sends the account deleting or freezing request information to the second server so as to be convenient for the operation and maintenance comprehensive management system administrator to audit.
If the operation and maintenance integrated management system administrator fails to check, the first server further needs to regenerate the account deletion or freeze request information.
Step 403, when the second server passes the audit of the account deletion request information, the first server receives second prompt information sent by the second server, where the second prompt information is used to prompt the first server to perform an account deletion operation.
Step 404, after executing the account deletion operation, the first server sends second feedback information to the second server, where the second feedback information is used to indicate that the first server has completed the account deletion operation, so that the second server verifies the deleted account.
And if the operation and maintenance comprehensive management system administrator passes the verification, the second server automatically sets the account to be deleted or frozen into a deleted or frozen state for later statistical analysis and use. And filling a feedback sheet by the administrator, wherein the feedback sheet comprises the deleted or frozen account and the state information set to be in the deleted or frozen state, and sending the feedback sheet to the first server by the second server.
After the first server receives the feedback list, the first server notifies the work order applicant that an account deletion or freezing request is made, the first server verifies the deleted or frozen account and the authority information corresponding to the account in the feedback list, and if the first server verifies the deleted or frozen account and the authority information corresponding to the account in the feedback list, the process is filed. And if the first server fails to verify the deleted or frozen account and the authority information corresponding to the account in the feedback list, the first server sends verification failure to the second server so that the second server can delete the account and the authority again.
The embodiment of the invention generates the account deleting request information through the first server, sends the account deleting request information to the second server, so that the second server stores the account deletion request information and verifies the account deletion request information, when the second server passes the account deletion request information audit, the first server receives second prompt information sent by the second server, the second prompt message is used for prompting the first server to perform account deletion operation, the first server sends second feedback information to the second server after executing the account deletion operation, the second feedback information is used for indicating that the first server has finished the account deleting operation, the second server verifies the deleted account, and effective management of multi-system multi-account authority information is achieved.
Fig. 6 is a flowchart of a centralized management method for permissions of multiple system accounts according to another embodiment of the present invention. On the basis of the foregoing embodiment, the account processing method provided in this embodiment specifically includes the following steps:
step 601, the first server generates account number change request information, and the account number change request information is used for requesting to change authority information corresponding to the account number.
In this embodiment, the first server may specifically be a server of a use department of the operation and maintenance integrated management system shown in fig. 7, the second server may specifically be a server of a maintenance department of the operation and maintenance integrated management system shown in fig. 7, and the third server may specifically be a server of an expert group shown in fig. 7.
Because the personnel post changes, account information and authority need to be changed, at the moment, an account change application can be provided by the user, and the account change is suitable for the condition that a login account is not changed, only the account information and the authority information are changed, and the like. The expert group selects the existing account number, the system automatically associates the account number information with the authority information, and the account number information and the authority information can be directly modified on the work order. The account number change application needs to be subjected to three-level leader review by the department so as to ensure that the account number information is complete and the authority applied by the account number change application meets the management requirement. The account change application is audited by an IT administrator after being audited by the third-level leader of the department, and the IT administrator audits application information and determines to which maintenance part the account change application needs to be sent, for example, the IT administrator determines that the account change application needs to be sent to a server of the maintenance department of the operation and maintenance integrated management system as shown in fig. 7.
Step 602, the first server sends the account change request information to a second server, so that the second server stores the account change request information and verifies the account change request information.
After the IT administrator passes the examination, the IT administrator further passes the secondary leader examination of the department, and the first server sends the account number change application to the second server so as to facilitate the examination of the operation and maintenance comprehensive management system administrator.
Step 603, when the second server passes the verification of the account change request information, the first server receives third prompt information sent by the second server, where the third prompt information is used to prompt the first server to perform an account change operation.
If the operation and maintenance integrated management system administrator passes the verification, the second server automatically completes information modification, for example, account information or authority information of the account is modified, the administrator fills a feedback sheet, the feedback sheet comprises the account and the modified account information or authority information, and the second server sends the feedback sheet to the first server.
Step 604, after executing the account number changing operation, the first server sends third feedback information to the second server, where the third feedback information is used to indicate that the first server has completed the account number changing operation, so that the second server verifies the changed account number and the authority information after the account number changing.
And after receiving the feedback list, the first server informs the applicant of verifying the user and the authority information in the operation and maintenance integrated management system, the first server verifies the account and the authority information of the account, if the verification is passed, the process is filed, and if the verification is not passed, the first server sends verification failure to the second server, so that an operation and maintenance integrated management system administrator performs the operation of modifying the account information or the operation of modifying the authority information again through the second server.
In the embodiment of the invention, account number change request information is generated by a first server, the account number change request information is used for requesting to change authority information corresponding to an account number, the account number change request information is sent to a second server, so that the second server checks the account number change request information, when the second server passes the check of the account number change request information, the first server receives third prompt information sent by the second server, the third prompt information is used for prompting the first server to perform account number change operation, the first server sends third feedback information to the second server after executing the account number change operation, the third feedback information is used for indicating that the first server has completed the account number change operation, so that the second server verifies the changed account number and the authority information after the account number change, the method and the device realize effective management of multi-system multi-account authority information.
Fig. 8 is a schematic diagram of a centralized management method for permissions of multiple system accounts according to another embodiment of the present invention. On the basis of the foregoing embodiment, the account processing method provided in this embodiment specifically includes the following steps:
step 801, the first server generates account number change request information, where the account number change request information is used to request to change authority information corresponding to the account number.
The specific processes and implementation principles of step 801 and step 601 are consistent, and are not described herein again.
Step 802, the first server sends the account change request information to a second server, so that the second server stores the account change request information and verifies the account change request information.
The specific processes and implementation principles of step 802 and step 602 are consistent, and are not described herein again.
Step 803, when the second server passes the verification of the account change request information, the first server receives third prompt information sent by the second server, where the third prompt information is used to prompt the first server to perform an account change operation.
The specific processes and implementation principles of step 803 and step 603 are consistent, and are not described herein again.
Step 804, after executing the account number changing operation, the first server sends third feedback information to the second server, where the third feedback information is used to indicate that the first server has completed the account number changing operation, so that the second server verifies the changed account number and the authority information after the account number is changed.
The specific processes and implementation principles of step 804 and step 604 are consistent, and are not described herein again.
Step 805, if the second server fails to check the account number change request information, the first server sends arbitration application information to a third server, so that the third server arbitrates the account number to be changed and the authority information after the account number is changed.
And if the audit of the operation and maintenance integrated management system administrator is not passed, the first server determines whether arbitration is applied, and if the first server does not apply arbitration, the process archiving is carried out. If the first server determines to apply for arbitration, the first server sends arbitration application information to the third server, for example, an applicant applying for account number change fills an arbitration request form, the first server sends the arbitration request form to the third server, and the third server starts an arbitration process.
In the embodiment of the invention, account number change request information is generated by a first server, the account number change request information is used for requesting to change authority information corresponding to an account number, the account number change request information is sent to a second server, so that the second server checks the account number change request information, when the second server passes the check of the account number change request information, the first server receives third prompt information sent by the second server, the third prompt information is used for prompting the first server to perform account number change operation, the first server sends third feedback information to the second server after executing the account number change operation, the third feedback information is used for indicating that the first server has completed the account number change operation, so that the second server verifies the changed account number and the authority information after the account number change, the method and the device realize effective management of multi-system multi-account authority information.
Fig. 9 is a flowchart of a centralized management method for permissions of multiple system accounts according to another embodiment of the present invention. On the basis of the foregoing embodiment, the account processing method provided in this embodiment specifically includes the following steps:
step 901, the first server generates account password reset request information, where the account password reset request information is used to request initialization of a password of the account.
Step 902, the first server sends the account password reset request information to a second server, so that the second server stores the account password reset request information and verifies the account password reset request information.
Step 903, when the second server passes the verification of the account password resetting request information, the first server receives fourth prompt information sent by the second server, where the fourth prompt information is used to prompt the first server to perform an account password resetting operation.
Step 904, after the first server performs the account password resetting operation, sending fourth feedback information to the second server, where the fourth feedback information is used to indicate that the first server has completed the account password resetting operation, so that the second server verifies the account after the password resetting.
In this embodiment, the account password resetting request information is sent to the second server through the first server, when the second server passes the account password resetting request information audit, the first server receives fourth prompt information sent by the second server, the fourth prompt information is used for prompting the first server to perform an account password resetting operation, the first server sends fourth feedback information to the second server after executing the account password resetting operation, and the fourth feedback information is used for indicating that the first server has completed the account password resetting operation, so that the second server verifies an account with a reset password, and effective management of multi-system multi-account permission information is achieved.
Fig. 10 is a flowchart of a centralized management method for permissions of multiple system accounts according to another embodiment of the present invention. On the basis of the foregoing embodiment, the account processing method provided in this embodiment specifically includes the following steps:
and drafting account number approval notice by the operation and maintenance integrated management function management department server.
And the operation and maintenance integrated management system maintenance department server receives the approval notice.
And the operation and maintenance integrated management system maintenance department server acquires the account information of each system from the operation and maintenance integrated management system according to a fixed format.
And the operation and maintenance comprehensive management system maintenance department server imports the extracted OSS system account information into the system, and the system automatically completes comparison work.
And the operation and maintenance comprehensive management system maintenance department server generates a feedback list according to the comparison result.
And the operation and maintenance comprehensive management function management department server confirms the account number comparison result, if a problem exists, a difference account number notice is drafted, and if no problem exists, the process is filed.
And the operation and maintenance integrated management service use department server receives the difference account notification.
And the operation and maintenance integrated management service use department server starts the processes of account addition, account deletion, freezing, changing and the like to process the differential account according to the differential account notice.
And (3) the operation and maintenance integrated management service use department server draws up a feedback sheet of the notification sheet of the difference account number, and optionally, the process of the final review and the processes of adding, deleting, freezing, changing and the like of the account number are weakly related.
And the operation and maintenance integrated management service use department server sends the feedback sheet to the operation and maintenance integrated management function management department server so that the operation and maintenance integrated management function management department server audits the feedback result, if unprocessed account numbers exist, the audit feedback result is sent to the operation and maintenance integrated management service use department server, and if no problem exists, the process is filed.
Optionally, when the administrator performs the permission configuration, the administrator may perform the permission configuration on the corresponding account only when the account with the related permission and the to-be-changed permission meets two conditions of approval of the account change management process. When the authority is distributed, the distributed authority is not allowed to exceed the authority range owned by the distributing authority.
Fig. 11 is a schematic structural diagram of a server according to an embodiment of the present invention. The server may specifically be the first server in the above embodiment. The server provided in the embodiment of the present invention may execute the processing flow provided in the embodiment of the centralized management method for permissions of multiple system accounts, as shown in fig. 11, the server 110 includes: memory 111, processor 112, computer programs, and communications interface 113; wherein the computer program is stored in the memory 111 and is configured to be executed by the processor 112 to: generating account request information, wherein the account request information comprises account real-name information and account authority information; sending the account request information to a second server through a communication interface 13, so that the second server stores the account request information and verifies the account request information; when the second server passes the verification of the account request information, receiving first prompt information sent by the second server through a communication interface 13, wherein the first prompt information is used for prompting the server to perform account adding operation; after the account number adding operation is executed, first feedback information is sent to the second server through a communication interface 13, and the first feedback information is used for indicating that the server has completed the account number adding operation, so that the second server verifies the added account number and the authority information of the account number.
Optionally, the processor 12 is further configured to: and if the second server fails to check the account request information, sending arbitration application information to a third server through a communication interface 13 so that the third server arbitrates the account request information.
Optionally, the processor 12 is further configured to: generating account deletion request information; sending the account deletion request information to a second server through a communication interface 13, so that the second server stores the account deletion request information and verifies the account deletion request information; when the second server passes the verification of the account deletion request information, receiving second prompt information sent by the second server through a communication interface 13, wherein the second prompt information is used for prompting the server to perform account deletion operation; after the account deleting operation is performed, second feedback information is sent to the second server through the communication interface 13, where the second feedback information is used to indicate that the server has completed the account deleting operation, so that the second server verifies the deleted account.
Optionally, the processor 12 is further configured to: generating account number change request information, wherein the account number change request information is used for requesting to change authority information corresponding to an account number; sending the account change request information to a second server through a communication interface 13, so that the second server stores the account change request information and verifies the account change request information; when the second server passes the verification of the account number change request information, receiving third prompt information sent by the second server through a communication interface 13, wherein the third prompt information is used for prompting the server to perform account number change operation; after the account number changing operation is executed, third feedback information is sent to the second server through the communication interface 13, where the third feedback information is used to indicate that the server has completed the account number changing operation, so that the second server verifies the changed account number and the authority information after the account number is changed.
Optionally, the processor 12 is further configured to: and if the second server fails to check the account number change request information, sending arbitration application information to a third server through a communication interface 13, so that the third server arbitrates the account number to be changed and the authority information after the account number is changed.
Optionally, the processor 12 is further configured to: generating account password resetting request information, wherein the account password resetting request information is used for requesting to initialize the password of the account; sending the account password resetting request information to a second server through a communication interface 13, so that the second server stores the account password resetting request information and verifies the account password resetting request information; when the second server passes the verification of the account password resetting request information, receiving fourth prompt information sent by the second server through a communication interface 13, wherein the fourth prompt information is used for prompting the server to perform account password resetting operation; after the account password resetting operation is performed, fourth feedback information is sent to the second server through the communication interface 13, where the fourth feedback information is used to indicate that the server has completed the account password resetting operation, so that the second server verifies the account with the password reset.
The server in the embodiment shown in fig. 11 may be configured to execute the technical solution of the above method embodiment, and the implementation principle and the technical effect are similar, which are not described herein again.
In addition, the present embodiment also provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the centralized management method for multiple system account permissions described in the foregoing embodiments.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a server, or a network device) or a processor (processor) to execute some steps of the methods according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
It is obvious to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions. For the specific working process of the device described above, reference may be made to the corresponding process in the foregoing method embodiment, which is not described herein again.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (11)

1. A method for centralized management of multi-system account number permissions is characterized by comprising the following steps:
the method comprises the steps that a first server generates account request information, wherein the account request information comprises account real-name information and account permission information;
the first server sends the account request information to a second server so that the second server stores the account request information and verifies the account request information;
when the second server passes the account request information verification, the first server receives first prompt information sent by the second server, wherein the first prompt information is used for prompting the first server to perform account adding operation;
after executing the account number adding operation, the first server sends first feedback information to the second server, wherein the first feedback information is used for indicating that the first server finishes the account number adding operation, so that the second server verifies the added account number and the authority information of the account number;
and if the second server fails to check the account request information, the first server sends arbitration application information to a third server so that the third server arbitrates the account request information.
2. The method of claim 1, further comprising:
the first server generates account deletion request information;
the first server sends the account deletion request information to a second server so that the second server stores the account deletion request information and verifies the account deletion request information;
when the second server passes the verification of the account deletion request information, the first server receives second prompt information sent by the second server, wherein the second prompt information is used for prompting the first server to perform account deletion operation;
after executing the account deletion operation, the first server sends second feedback information to the second server, where the second feedback information is used to indicate that the first server has completed the account deletion operation, so that the second server verifies the deleted account.
3. The method of claim 1, further comprising:
the first server generates account number change request information, and the account number change request information is used for requesting to change authority information corresponding to the account number;
the first server sends the account number change request information to a second server so that the second server stores the account number change request information and verifies the account number change request information;
when the second server passes the verification of the account number change request information, the first server receives third prompt information sent by the second server, wherein the third prompt information is used for prompting the first server to perform account number change operation;
after executing the account number changing operation, the first server sends third feedback information to the second server, where the third feedback information is used to indicate that the first server has completed the account number changing operation, so that the second server verifies the changed account number and the authority information after the account number is changed.
4. The method of claim 3, further comprising:
and if the second server fails to check the account number change request information, the first server sends arbitration application information to a third server so that the third server arbitrates the account number to be changed and the authority information after the account number is changed.
5. The method of claim 1, further comprising:
the first server generates account password resetting request information, wherein the account password resetting request information is used for requesting initialization of a password of the account;
the first server sends the account password resetting request information to a second server so that the second server stores the account password resetting request information and verifies the account password resetting request information;
when the second server passes the verification of the account password resetting request information, the first server receives fourth prompt information sent by the second server, wherein the fourth prompt information is used for prompting the first server to perform account password resetting operation;
after the first server executes the account password resetting operation, fourth feedback information is sent to the second server, and the fourth feedback information is used for indicating that the first server has completed the account password resetting operation, so that the second server verifies the account after the password resetting.
6. A server, comprising:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
generating account request information, wherein the account request information comprises account real-name information and account authority information;
sending the account request information to a second server through the communication interface so that the second server stores the account request information and verifies the account request information;
when the second server passes the verification of the account request information, receiving first prompt information sent by the second server through the communication interface, wherein the first prompt information is used for prompting the server to perform account adding operation;
after the account number adding operation is executed, first feedback information is sent to the second server through the communication interface, and the first feedback information is used for indicating that the server finishes the account number adding operation, so that the second server verifies the added account number and the authority information of the account number;
the processor is further configured to:
and if the second server fails to check the account request information, sending arbitration application information to a third server through the communication interface so that the third server arbitrates the account request information.
7. The server of claim 6, wherein the processor is further configured to:
generating account deletion request information;
sending the account deletion request information to a second server through the communication interface so that the second server stores the account deletion request information and verifies the account deletion request information;
when the second server passes the verification of the account deletion request information, receiving second prompt information sent by the second server through the communication interface, wherein the second prompt information is used for prompting the server to perform account deletion operation;
after the account deleting operation is executed, second feedback information is sent to the second server through the communication interface, and the second feedback information is used for indicating that the server has completed the account deleting operation, so that the second server can verify the deleted account.
8. The server of claim 6, wherein the processor is further configured to:
generating account number change request information, wherein the account number change request information is used for requesting to change authority information corresponding to an account number;
sending the account number change request information to a second server through the communication interface so that the second server stores the account number change request information and verifies the account number change request information;
when the second server passes the verification of the account number change request information, receiving third prompt information sent by the second server through the communication interface, wherein the third prompt information is used for prompting the server to perform account number change operation;
after the account number changing operation is executed, third feedback information is sent to the second server through the communication interface, and the third feedback information is used for indicating that the server has completed the account number changing operation, so that the second server verifies the changed account number and the authority information after the account number is changed.
9. The server of claim 8, wherein the processor is further configured to:
and if the second server fails to check the account number change request information, sending arbitration application information to a third server through the communication interface so that the third server arbitrates the account number to be changed and the authority information after the account number is changed.
10. The server of claim 6, wherein the processor is further configured to:
generating account password resetting request information, wherein the account password resetting request information is used for requesting to initialize the password of the account;
sending the account password resetting request information to a second server through the communication interface so that the second server stores the account password resetting request information and verifies the account password resetting request information;
when the second server passes the verification of the account password resetting request information, receiving fourth prompt information sent by the second server through the communication interface, wherein the fourth prompt information is used for prompting the server to perform account password resetting operation;
after the account password resetting operation is executed, fourth feedback information is sent to the second server through the communication interface, and the fourth feedback information is used for indicating that the server has completed the account password resetting operation, so that the second server verifies the account with the password reset.
11. A computer-readable storage medium, having stored thereon a computer program for execution by a processor to perform the method of any one of claims 1-5.
CN201910033977.6A 2019-01-15 2019-01-15 Multi-system account permission centralized management method, equipment and storage medium Active CN109831322B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910033977.6A CN109831322B (en) 2019-01-15 2019-01-15 Multi-system account permission centralized management method, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910033977.6A CN109831322B (en) 2019-01-15 2019-01-15 Multi-system account permission centralized management method, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN109831322A CN109831322A (en) 2019-05-31
CN109831322B true CN109831322B (en) 2022-02-11

Family

ID=66861753

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910033977.6A Active CN109831322B (en) 2019-01-15 2019-01-15 Multi-system account permission centralized management method, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN109831322B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110457890A (en) * 2019-07-15 2019-11-15 中国平安人寿保险股份有限公司 Right management method and device, electronic equipment and storage medium based on multisystem
CN110378147A (en) * 2019-07-25 2019-10-25 杭州涂鸦信息技术有限公司 Data access authority control method and system, readable storage medium storing program for executing and computer
CN112995094A (en) * 2019-12-13 2021-06-18 中盈优创资讯科技有限公司 Dynamic management method and system for account number authority of network equipment
CN113127830B (en) * 2019-12-31 2023-07-28 深圳云天励飞技术有限公司 Data deleting method, device, system, electronic equipment and storage medium
CN112948858A (en) * 2021-03-04 2021-06-11 浪潮云信息技术股份公司 Method for supporting real-name account number authority

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102542388A (en) * 2010-12-20 2012-07-04 西安众擎电子科技有限公司 Quality information management system
CN102769602A (en) * 2011-05-03 2012-11-07 中国移动通信集团山东有限公司 Method, system and device for temporary permission control
CN103996000A (en) * 2014-05-16 2014-08-20 深圳市东信时代信息技术有限公司 Authority management system and method
CN104378342A (en) * 2014-01-10 2015-02-25 腾讯科技(深圳)有限公司 Multi-account verification method, device and system
CN105095792A (en) * 2015-08-12 2015-11-25 浪潮(北京)电子信息产业有限公司 Storage resource management method and system based on multi-user rights
CN105405041A (en) * 2015-10-30 2016-03-16 腾讯科技(深圳)有限公司 Information processing method and terminal
CN107770173A (en) * 2017-10-20 2018-03-06 国信嘉宁数据技术有限公司 Subscriber Management System, related identification information creation method and request method of calibration
CN108074178A (en) * 2016-11-14 2018-05-25 平安科技(深圳)有限公司 The method and apparatus for handling credit card application

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102542388A (en) * 2010-12-20 2012-07-04 西安众擎电子科技有限公司 Quality information management system
CN102769602A (en) * 2011-05-03 2012-11-07 中国移动通信集团山东有限公司 Method, system and device for temporary permission control
CN104378342A (en) * 2014-01-10 2015-02-25 腾讯科技(深圳)有限公司 Multi-account verification method, device and system
CN103996000A (en) * 2014-05-16 2014-08-20 深圳市东信时代信息技术有限公司 Authority management system and method
CN105095792A (en) * 2015-08-12 2015-11-25 浪潮(北京)电子信息产业有限公司 Storage resource management method and system based on multi-user rights
CN105405041A (en) * 2015-10-30 2016-03-16 腾讯科技(深圳)有限公司 Information processing method and terminal
CN108074178A (en) * 2016-11-14 2018-05-25 平安科技(深圳)有限公司 The method and apparatus for handling credit card application
CN107770173A (en) * 2017-10-20 2018-03-06 国信嘉宁数据技术有限公司 Subscriber Management System, related identification information creation method and request method of calibration

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基干RBAC的甩户权限管理系统的设计与实现;向奎;《中国优秀硕士学位论文全文数据库》;20131215;正文48-58 *

Also Published As

Publication number Publication date
CN109831322A (en) 2019-05-31

Similar Documents

Publication Publication Date Title
CN109831322B (en) Multi-system account permission centralized management method, equipment and storage medium
CN105991734B (en) A kind of cloud platform management method and system
CN102947797B (en) The online service using directory feature extending transversely accesses and controls
CN109361517A (en) A kind of virtualization cloud cipher machine system and its implementation based on cloud computing
CN102298647B (en) Inspection and allocation system and method of data file
CN106055967A (en) SAAS platform user organization permission management method and system
CN110661831B (en) Big data test field security initialization method based on trusted third party
CN110049048B (en) Data access method, equipment and readable medium for government affair public service
TWI522960B (en) System and method of a must-reply mobile questionnaire
US11196627B1 (en) Managed remediation of non-compliant resources
CN103618752A (en) Virtual machine remote desktop safety access system and method
CN105119966A (en) Official account management method and device
CN110417820A (en) Processing method, device and the readable storage medium storing program for executing of single-node login system
CN108306972A (en) A kind of cloud cryptographic service method, platform, system and computer readable storage medium
CN107800681B (en) Data processing system
CN105897670A (en) Website user login authentication method and system
CN110719298A (en) Method and device for supporting user-defined change of privileged account password
CN110138881A (en) A kind of distributed memory system and its storage method
CN112019543A (en) Multi-tenant permission system based on BRAC model
CN104506480A (en) Cross-domain access control method and system based on marking and auditing combination
CN113438082B (en) Database access method, device, equipment and storage medium
CN109903046A (en) User data management and device based on block chain
CN107508810A (en) A kind of authentication management method, apparatus and system based on mobile office application
CN101505221A (en) Network guide system and unit storage unit access method
CN108881197A (en) High score grid system authentication system based on RBAC model

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant