CN109831322B - Multi-system account permission centralized management method, equipment and storage medium - Google Patents
Multi-system account permission centralized management method, equipment and storage medium Download PDFInfo
- Publication number
- CN109831322B CN109831322B CN201910033977.6A CN201910033977A CN109831322B CN 109831322 B CN109831322 B CN 109831322B CN 201910033977 A CN201910033977 A CN 201910033977A CN 109831322 B CN109831322 B CN 109831322B
- Authority
- CN
- China
- Prior art keywords
- server
- account
- information
- request information
- account number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000007726 management method Methods 0.000 title description 95
- 238000000034 method Methods 0.000 claims abstract description 54
- 238000012508 change request Methods 0.000 claims description 44
- 238000012217 deletion Methods 0.000 claims description 44
- 230000037430 deletion Effects 0.000 claims description 44
- 238000004891 communication Methods 0.000 claims description 39
- 238000012795 verification Methods 0.000 claims description 31
- 230000008859 change Effects 0.000 claims description 30
- 238000004590 computer program Methods 0.000 claims description 11
- 238000012423 maintenance Methods 0.000 description 57
- 230000008569 process Effects 0.000 description 27
- 238000012550 audit Methods 0.000 description 15
- 230000006870 function Effects 0.000 description 14
- 238000007710 freezing Methods 0.000 description 8
- 230000008014 freezing Effects 0.000 description 8
- 238000003672 processing method Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 238000012552 review Methods 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 238000013070 change management Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000008676 import Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012946 outsourcing Methods 0.000 description 1
- 238000007619 statistical method Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Abstract
The embodiment of the invention provides a method, equipment and a storage medium for centralized management of multi-system account number permissions. The account request information is generated through a first server and comprises account real-name system information and account permission information, the account request information is sent to a second server, the second server checks the account request information, if the account request information is checked by the second server, the first server receives first prompt information sent by the second server and executes account adding operation according to the first prompt information, and after the account adding operation is executed, first feedback information is sent to the second server, so that the second server verifies the added account and the account permission information, and effective management of multi-system multi-account permission information is achieved.
Description
Technical Field
The embodiment of the invention relates to the technical field of communication, in particular to a method, equipment and a storage medium for centralized management of multi-system account number permissions.
Background
With the continuous expansion of network scale, network services are more and more complex, daily work based on network operation and maintenance is more and more complex, more and more systems are built, and a person has a plurality of system accounts and applies for a certain system account to know who to find; meanwhile, along with the development of services, the safety management of daily operation and maintenance is continuously improved, and different access authorities need to be configured for different role personnel, so that the safety and effectiveness of information access are guaranteed.
In the existing management, the same person has different account numbers in different systems, and the same person has different account numbers in the same system; and many accounts have no corresponding users, so that a large amount of account redundancy is caused, and a great trouble is brought to the account management work of the system, but a method for effectively managing the user accounts with different access rights of each system is lacked.
Disclosure of Invention
The embodiment of the invention provides a method, equipment and a storage medium for centralized management of multi-system account permission, which are used for realizing effective management of multi-system multi-account permission information.
In a first aspect, an embodiment of the present invention provides a method for centrally managing permissions of multiple system accounts, where the method includes:
the method comprises the steps that a first server generates account request information, wherein the account request information comprises account real-name information and account permission information;
the first server sends the account request information to a second server so that the second server stores the account request information and verifies the account request information;
when the second server passes the account request information verification, the first server receives first prompt information sent by the second server, wherein the first prompt information is used for prompting the first server to perform account adding operation;
after the account adding operation is executed, the first server sends first feedback information to the second server, wherein the first feedback information is used for indicating that the account adding operation is completed by the first server, so that the second server verifies the newly added account and the authority information of the account.
In a second aspect, an embodiment of the present invention provides a server, including:
a memory;
a processor;
a communication interface; and a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
generating account request information, wherein the account request information comprises account real-name information and account authority information;
sending the account request information to a second server through the communication interface so that the second server stores the account request information and verifies the account request information;
when the second server passes the verification of the account request information, receiving first prompt information sent by the second server through the communication interface, wherein the first prompt information is used for prompting the server to perform account adding operation;
after the account number adding operation is executed, first feedback information is sent to the second server through the communication interface, and the first feedback information is used for indicating that the server has completed the account number adding operation, so that the second server verifies the added account number and the authority information of the account number.
In a third aspect, an embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the method in the first aspect.
The embodiment of the invention provides a method, equipment and a storage medium for centralized management of multi-system account number permission. Generating new account request information through a first server, wherein the new account request information comprises a new account and real-name system information; sending the request information of the newly added account to a second server so that the second server can check the newly added account; if the second server passes the verification of the newly added account, storing the account information and informing the verification result of the first server through the communication interface; the first server adds an account number as required and informs an account number manager of a second server through a communication interface; the second server of the account manager verifies the authority information of the newly added account and the request account in the first server; the method and the device realize effective management of multi-system multi-account authority information.
Drawings
Fig. 1 is a flowchart of a centralized management method for permissions of multiple system accounts according to an embodiment of the present invention;
fig. 2 is a flowchart of a centralized management method for permissions of multiple system accounts according to an embodiment of the present invention;
fig. 3 is a flowchart of a centralized management method for permissions of multiple system accounts according to an embodiment of the present invention;
fig. 4 is a flowchart of a centralized management method for permissions of multiple system accounts according to another embodiment of the present invention;
fig. 5 is a flowchart of a centralized management method for permissions of multiple system accounts according to another embodiment of the present invention;
fig. 6 is a flowchart of a centralized management method for permissions of multiple system accounts according to another embodiment of the present invention;
fig. 7 is a flowchart of a centralized management method for permissions of multiple system accounts according to another embodiment of the present invention;
fig. 8 is a schematic diagram illustrating a centralized management method for permissions of multiple system accounts according to another embodiment of the present invention;
fig. 9 is a flowchart of a centralized management method for permissions of multiple system accounts according to another embodiment of the present invention;
fig. 10 is a flowchart of a centralized management method for permissions of multiple system accounts according to another embodiment of the present invention;
fig. 11 is a schematic structural diagram of a server according to an embodiment of the present invention.
With the foregoing drawings in mind, certain embodiments of the disclosure have been shown and described in more detail below. These drawings and written description are not intended to limit the scope of the disclosed concepts in any way, but rather to illustrate the concepts of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
With the continuous expansion of network scale, network services are more and more complex, daily work based on network operation and maintenance is more and more complex, more and more systems are built, and a person has a plurality of system accounts and applies for a certain system account to know who to find; meanwhile, along with the development of services, the safety management of daily operation and maintenance is continuously improved, and different access authorities need to be configured for different role personnel, so that the safety and effectiveness of information access are guaranteed.
The method and the system mainly configure different user groups of the internal and external network users through the authority management of the sub-role, so that different access authorities are inherited, and the user management of the sub-authority and sub-domain is realized. Meanwhile, unified management of personnel information is achieved through real-name management, a real-name system is required before account numbers are added, the account numbers are associated with the real-name system information, the account numbers corresponding to all systems are deleted in the real-name system, domain division is carried out on personnel in the real-name system, the real-name system is in the region, the account numbers applied by the personnel can only access the function of the region, and the validity and the safety of the account numbers are guaranteed.
The objects of centralized authentication application comprise internal operation and maintenance personnel, external generation and maintenance personnel, broadband outsourcing personnel and the like, and the system is required to be provided with control supporting internal and external personnel to use different modules. Meanwhile, the functions of the internal user and the external user should be physically isolated (i.e., the external person uses an interworking network access system, the internal person uses a unicom internal network access system, and the functions of the two access systems are different according to business needs), so as to facilitate the security and management of the system usage.
Requirements for use of internal and external network functions: the intranet user can log in the function in the use authority of the intranet system, and the intranet user can log in the function in the use authority of the extranet system; the user of the external network can log in the function in the use authority of the external network system.
The system realizes the authority authentication of the internal and external network users according to the requirements, and simultaneously supports the application requirements of the internal and external network isolation from the deployment of the equipment server of the system.
The system can perform security verification on the password set by the user; and the system should set validity period (validity period is set to three months) for each password, the password which is about to pass the validity period should be given to the user for prompting and modifying the password, and the password modified by the user cannot be the password used within two years.
The system can perform authority verification on the resources accessed by the login user, and the user can only access the related resources in the authority.
The system carries out electronic process management and control on addition, deletion and account change of different accounts, and real-name management on personnel information applying for temporary accounts is required. The account management process mainly comprises an account adding process, an account deleting process, an account changing process, an account password resetting process, an account checking process and the like.
The system sets different account number management personnel according to the region and is responsible for maintaining the real-name information in the region and applying for maintaining the account number authority request in the region; and meanwhile, system maintenance personnel are set according to the system and are responsible for maintaining the role account of the system and solving the function information.
The invention provides a centralized management method for multi-system account number permissions, and aims to solve the technical problems in the prior art.
The following describes the technical solutions of the present invention and how to solve the above technical problems with specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present invention will be described below with reference to the accompanying drawings.
Fig. 1 is a flowchart of a centralized management method for permissions of multiple system accounts according to an embodiment of the present invention. The embodiment of the invention provides a centralized management method for multi-system account number permissions, aiming at the technical problems in the prior art, and the method comprises the following specific steps:
In this embodiment, the first server may specifically be each application system server, for example, a server of the operation and maintenance integrated management system use department shown in fig. 2, and the second server may specifically be an account centralized management server, for example, a server of the operation and maintenance integrated management system maintenance department shown in fig. 2.
Specifically, the first server generates account request information, where the account request information may include: adding an account number, real-name system information, an applicant contact way, an application system, authority information and the like. The account request information needs to be checked by the second server to ensure that the newly added account is in a real-name system, the information of the account request information is complete, and the authority applied by the account request information meets the management requirement.
And 102, the first server sends the account request information to a second server so that the second server stores the account request information and verifies the account request information.
Specifically, the first server sends the account request information to the second server, so that the second server checks the account request information.
And if the second server passes the verification of the account request information, the second server sends first prompt information to the first server, wherein the first prompt information is used for prompting the first server to perform account adding operation.
And step 104, after executing the account adding operation, the first server sends first feedback information to the second server, where the first feedback information is used to indicate that the first server has completed the account adding operation, so that the second server verifies the newly added account and the authority information of the account.
And after receiving the first prompt message, the first server executes account number adding operation, specifically, creates a new account number and configures authority for the new account number. After the first server finishes the account adding operation, first feedback information is sent to the second server, the first feedback information is used for indicating that the first server finishes the account adding operation, in addition, the first feedback information can also comprise a newly added account of the first server and authority information of the account, and after the second server receives the first feedback information, the newly added account and the authority information of the account are verified. If the second server fails to verify the new account and the authority information of the account, the second server can also send the new account and the authority information of the account to the first server, so that the first server can execute account adding operation again.
The account request information is generated through a first server and comprises account real-name system information and account permission information, the account request information is sent to a second server, the second server checks the account request information, if the account request information is checked by the second server, the first server receives first prompt information sent by the second server and executes account adding operation according to the first prompt information, and after the account adding operation is executed, first feedback information is sent to the second server, so that the second server verifies the added account and the account permission information, and effective management of multi-system multi-account permission information is achieved.
Fig. 3 is a flowchart of a centralized management method for permissions of multiple system accounts according to an embodiment of the present invention. The embodiment of the invention provides a centralized management method for multi-system account number permissions, aiming at the technical problems in the prior art, and the method comprises the following specific steps:
In this embodiment, the first server may specifically be a server of a use department of the operation and maintenance integrated management system shown in fig. 3, the second server may specifically be a server of a maintenance department of the operation and maintenance integrated management system shown in fig. 3, and the third server may specifically be a server of an expert group shown in fig. 3.
An IT administrator of a use department of the operation and maintenance integrated management system generates new account request information through a first server, wherein the new account request information can comprise: adding an account number, real-name system information, an applicant contact way, an application system, authority information and the like. The newly added account request information needs to be subjected to three-level leader audit of the department and two-level leader audit of the department so as to ensure that the newly added account is in a real-name system, the information of the newly added account request information is complete, and the authority applied by the newly added account request information meets the management requirement.
And the first server sends the request information of the new account to the second server so as to be convenient for the administrator of the operation and maintenance integrated management system to check.
And if the operation and maintenance integrated management system administrator passes the verification, the second server automatically completes the creation and authority allocation work of the newly added account, the administrator fills a feedback sheet, the feedback sheet comprises the newly added account and the authority information of the newly added account, and the second server sends the feedback sheet to the first server.
And after receiving the feedback list, the first server verifies the newly added account number and the authority information of the newly added account number in the feedback list, if the verification is passed, the flow is filed, and if the verification is not passed, the first server returns the feedback list to the second server, so that the operation and maintenance comprehensive management system administrator can perform the operation of creating the newly added account number and assigning the authority again through the second server.
And if the audit of the operation and maintenance integrated management system administrator is not passed, the first server determines whether arbitration is applied, and if the first server does not apply arbitration, the process archiving is carried out. If the first server determines to apply for arbitration, the first server sends arbitration application information to the third server, for example, a newly added account applicant can fill an arbitration request form, the first server sends the arbitration request form to the third server, and the third server starts an arbitration process.
The account request information is generated through a first server and comprises account real-name system information and account permission information, the account request information is sent to a second server, the second server checks the account request information, if the account request information is checked by the second server, the first server receives first prompt information sent by the second server and executes account adding operation according to the first prompt information, and after the account adding operation is executed, first feedback information is sent to the second server, so that the second server verifies the added account and the account permission information, and effective management of multi-system multi-account permission information is achieved.
Fig. 4 is a flowchart of a centralized management method for permissions of multiple system accounts according to another embodiment of the present invention. On the basis of the foregoing embodiment, the account processing method provided in this embodiment specifically includes the following steps:
In this embodiment, the first server may specifically be a server of a use department of the operation and maintenance integrated management system shown in fig. 5, the second server may specifically be a server of a maintenance department of the operation and maintenance integrated management system shown in fig. 5, and the third server may specifically be a server of an expert group shown in fig. 5.
Due to the fact that the position of the personnel changes, the account number of the personnel with the changed position needs to be deleted, and the administrator of the use department of the operation and maintenance integrated management system generates account number deleting or freezing request information through the first server. The account deletion or freeze request information may also indicate to which maintenance department the account deletion or freeze request information needs to be sent, for example, the account deletion or freeze request information indicates that the account deletion request information needs to be sent to a server of the operation and maintenance integrated management system maintenance department, that is, a second server. Optionally, the account deletion or freeze request information may include: the account number to be deleted or frozen and the authority information corresponding to the account number. Optionally, the account deletion or freezing request information needs to be subjected to third-level leader review and second-level leader review by the department to ensure that the deleted or frozen account is in a real-name system, the information of the account deletion or freezing request information is complete, and the authority of the account conforms to the management requirement.
After the account deleting or freezing request information is subjected to the third-level leader audit and the second-level leader audit of the department, the first server sends the account deleting or freezing request information to the second server so as to be convenient for the operation and maintenance comprehensive management system administrator to audit.
If the operation and maintenance integrated management system administrator fails to check, the first server further needs to regenerate the account deletion or freeze request information.
And if the operation and maintenance comprehensive management system administrator passes the verification, the second server automatically sets the account to be deleted or frozen into a deleted or frozen state for later statistical analysis and use. And filling a feedback sheet by the administrator, wherein the feedback sheet comprises the deleted or frozen account and the state information set to be in the deleted or frozen state, and sending the feedback sheet to the first server by the second server.
After the first server receives the feedback list, the first server notifies the work order applicant that an account deletion or freezing request is made, the first server verifies the deleted or frozen account and the authority information corresponding to the account in the feedback list, and if the first server verifies the deleted or frozen account and the authority information corresponding to the account in the feedback list, the process is filed. And if the first server fails to verify the deleted or frozen account and the authority information corresponding to the account in the feedback list, the first server sends verification failure to the second server so that the second server can delete the account and the authority again.
The embodiment of the invention generates the account deleting request information through the first server, sends the account deleting request information to the second server, so that the second server stores the account deletion request information and verifies the account deletion request information, when the second server passes the account deletion request information audit, the first server receives second prompt information sent by the second server, the second prompt message is used for prompting the first server to perform account deletion operation, the first server sends second feedback information to the second server after executing the account deletion operation, the second feedback information is used for indicating that the first server has finished the account deleting operation, the second server verifies the deleted account, and effective management of multi-system multi-account authority information is achieved.
Fig. 6 is a flowchart of a centralized management method for permissions of multiple system accounts according to another embodiment of the present invention. On the basis of the foregoing embodiment, the account processing method provided in this embodiment specifically includes the following steps:
In this embodiment, the first server may specifically be a server of a use department of the operation and maintenance integrated management system shown in fig. 7, the second server may specifically be a server of a maintenance department of the operation and maintenance integrated management system shown in fig. 7, and the third server may specifically be a server of an expert group shown in fig. 7.
Because the personnel post changes, account information and authority need to be changed, at the moment, an account change application can be provided by the user, and the account change is suitable for the condition that a login account is not changed, only the account information and the authority information are changed, and the like. The expert group selects the existing account number, the system automatically associates the account number information with the authority information, and the account number information and the authority information can be directly modified on the work order. The account number change application needs to be subjected to three-level leader review by the department so as to ensure that the account number information is complete and the authority applied by the account number change application meets the management requirement. The account change application is audited by an IT administrator after being audited by the third-level leader of the department, and the IT administrator audits application information and determines to which maintenance part the account change application needs to be sent, for example, the IT administrator determines that the account change application needs to be sent to a server of the maintenance department of the operation and maintenance integrated management system as shown in fig. 7.
After the IT administrator passes the examination, the IT administrator further passes the secondary leader examination of the department, and the first server sends the account number change application to the second server so as to facilitate the examination of the operation and maintenance comprehensive management system administrator.
If the operation and maintenance integrated management system administrator passes the verification, the second server automatically completes information modification, for example, account information or authority information of the account is modified, the administrator fills a feedback sheet, the feedback sheet comprises the account and the modified account information or authority information, and the second server sends the feedback sheet to the first server.
And after receiving the feedback list, the first server informs the applicant of verifying the user and the authority information in the operation and maintenance integrated management system, the first server verifies the account and the authority information of the account, if the verification is passed, the process is filed, and if the verification is not passed, the first server sends verification failure to the second server, so that an operation and maintenance integrated management system administrator performs the operation of modifying the account information or the operation of modifying the authority information again through the second server.
In the embodiment of the invention, account number change request information is generated by a first server, the account number change request information is used for requesting to change authority information corresponding to an account number, the account number change request information is sent to a second server, so that the second server checks the account number change request information, when the second server passes the check of the account number change request information, the first server receives third prompt information sent by the second server, the third prompt information is used for prompting the first server to perform account number change operation, the first server sends third feedback information to the second server after executing the account number change operation, the third feedback information is used for indicating that the first server has completed the account number change operation, so that the second server verifies the changed account number and the authority information after the account number change, the method and the device realize effective management of multi-system multi-account authority information.
Fig. 8 is a schematic diagram of a centralized management method for permissions of multiple system accounts according to another embodiment of the present invention. On the basis of the foregoing embodiment, the account processing method provided in this embodiment specifically includes the following steps:
The specific processes and implementation principles of step 801 and step 601 are consistent, and are not described herein again.
The specific processes and implementation principles of step 802 and step 602 are consistent, and are not described herein again.
The specific processes and implementation principles of step 803 and step 603 are consistent, and are not described herein again.
The specific processes and implementation principles of step 804 and step 604 are consistent, and are not described herein again.
And if the audit of the operation and maintenance integrated management system administrator is not passed, the first server determines whether arbitration is applied, and if the first server does not apply arbitration, the process archiving is carried out. If the first server determines to apply for arbitration, the first server sends arbitration application information to the third server, for example, an applicant applying for account number change fills an arbitration request form, the first server sends the arbitration request form to the third server, and the third server starts an arbitration process.
In the embodiment of the invention, account number change request information is generated by a first server, the account number change request information is used for requesting to change authority information corresponding to an account number, the account number change request information is sent to a second server, so that the second server checks the account number change request information, when the second server passes the check of the account number change request information, the first server receives third prompt information sent by the second server, the third prompt information is used for prompting the first server to perform account number change operation, the first server sends third feedback information to the second server after executing the account number change operation, the third feedback information is used for indicating that the first server has completed the account number change operation, so that the second server verifies the changed account number and the authority information after the account number change, the method and the device realize effective management of multi-system multi-account authority information.
Fig. 9 is a flowchart of a centralized management method for permissions of multiple system accounts according to another embodiment of the present invention. On the basis of the foregoing embodiment, the account processing method provided in this embodiment specifically includes the following steps:
In this embodiment, the account password resetting request information is sent to the second server through the first server, when the second server passes the account password resetting request information audit, the first server receives fourth prompt information sent by the second server, the fourth prompt information is used for prompting the first server to perform an account password resetting operation, the first server sends fourth feedback information to the second server after executing the account password resetting operation, and the fourth feedback information is used for indicating that the first server has completed the account password resetting operation, so that the second server verifies an account with a reset password, and effective management of multi-system multi-account permission information is achieved.
Fig. 10 is a flowchart of a centralized management method for permissions of multiple system accounts according to another embodiment of the present invention. On the basis of the foregoing embodiment, the account processing method provided in this embodiment specifically includes the following steps:
and drafting account number approval notice by the operation and maintenance integrated management function management department server.
And the operation and maintenance integrated management system maintenance department server receives the approval notice.
And the operation and maintenance integrated management system maintenance department server acquires the account information of each system from the operation and maintenance integrated management system according to a fixed format.
And the operation and maintenance comprehensive management system maintenance department server imports the extracted OSS system account information into the system, and the system automatically completes comparison work.
And the operation and maintenance comprehensive management system maintenance department server generates a feedback list according to the comparison result.
And the operation and maintenance comprehensive management function management department server confirms the account number comparison result, if a problem exists, a difference account number notice is drafted, and if no problem exists, the process is filed.
And the operation and maintenance integrated management service use department server receives the difference account notification.
And the operation and maintenance integrated management service use department server starts the processes of account addition, account deletion, freezing, changing and the like to process the differential account according to the differential account notice.
And (3) the operation and maintenance integrated management service use department server draws up a feedback sheet of the notification sheet of the difference account number, and optionally, the process of the final review and the processes of adding, deleting, freezing, changing and the like of the account number are weakly related.
And the operation and maintenance integrated management service use department server sends the feedback sheet to the operation and maintenance integrated management function management department server so that the operation and maintenance integrated management function management department server audits the feedback result, if unprocessed account numbers exist, the audit feedback result is sent to the operation and maintenance integrated management service use department server, and if no problem exists, the process is filed.
Optionally, when the administrator performs the permission configuration, the administrator may perform the permission configuration on the corresponding account only when the account with the related permission and the to-be-changed permission meets two conditions of approval of the account change management process. When the authority is distributed, the distributed authority is not allowed to exceed the authority range owned by the distributing authority.
Fig. 11 is a schematic structural diagram of a server according to an embodiment of the present invention. The server may specifically be the first server in the above embodiment. The server provided in the embodiment of the present invention may execute the processing flow provided in the embodiment of the centralized management method for permissions of multiple system accounts, as shown in fig. 11, the server 110 includes: memory 111, processor 112, computer programs, and communications interface 113; wherein the computer program is stored in the memory 111 and is configured to be executed by the processor 112 to: generating account request information, wherein the account request information comprises account real-name information and account authority information; sending the account request information to a second server through a communication interface 13, so that the second server stores the account request information and verifies the account request information; when the second server passes the verification of the account request information, receiving first prompt information sent by the second server through a communication interface 13, wherein the first prompt information is used for prompting the server to perform account adding operation; after the account number adding operation is executed, first feedback information is sent to the second server through a communication interface 13, and the first feedback information is used for indicating that the server has completed the account number adding operation, so that the second server verifies the added account number and the authority information of the account number.
Optionally, the processor 12 is further configured to: and if the second server fails to check the account request information, sending arbitration application information to a third server through a communication interface 13 so that the third server arbitrates the account request information.
Optionally, the processor 12 is further configured to: generating account deletion request information; sending the account deletion request information to a second server through a communication interface 13, so that the second server stores the account deletion request information and verifies the account deletion request information; when the second server passes the verification of the account deletion request information, receiving second prompt information sent by the second server through a communication interface 13, wherein the second prompt information is used for prompting the server to perform account deletion operation; after the account deleting operation is performed, second feedback information is sent to the second server through the communication interface 13, where the second feedback information is used to indicate that the server has completed the account deleting operation, so that the second server verifies the deleted account.
Optionally, the processor 12 is further configured to: generating account number change request information, wherein the account number change request information is used for requesting to change authority information corresponding to an account number; sending the account change request information to a second server through a communication interface 13, so that the second server stores the account change request information and verifies the account change request information; when the second server passes the verification of the account number change request information, receiving third prompt information sent by the second server through a communication interface 13, wherein the third prompt information is used for prompting the server to perform account number change operation; after the account number changing operation is executed, third feedback information is sent to the second server through the communication interface 13, where the third feedback information is used to indicate that the server has completed the account number changing operation, so that the second server verifies the changed account number and the authority information after the account number is changed.
Optionally, the processor 12 is further configured to: and if the second server fails to check the account number change request information, sending arbitration application information to a third server through a communication interface 13, so that the third server arbitrates the account number to be changed and the authority information after the account number is changed.
Optionally, the processor 12 is further configured to: generating account password resetting request information, wherein the account password resetting request information is used for requesting to initialize the password of the account; sending the account password resetting request information to a second server through a communication interface 13, so that the second server stores the account password resetting request information and verifies the account password resetting request information; when the second server passes the verification of the account password resetting request information, receiving fourth prompt information sent by the second server through a communication interface 13, wherein the fourth prompt information is used for prompting the server to perform account password resetting operation; after the account password resetting operation is performed, fourth feedback information is sent to the second server through the communication interface 13, where the fourth feedback information is used to indicate that the server has completed the account password resetting operation, so that the second server verifies the account with the password reset.
The server in the embodiment shown in fig. 11 may be configured to execute the technical solution of the above method embodiment, and the implementation principle and the technical effect are similar, which are not described herein again.
In addition, the present embodiment also provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the centralized management method for multiple system account permissions described in the foregoing embodiments.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a server, or a network device) or a processor (processor) to execute some steps of the methods according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
It is obvious to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions. For the specific working process of the device described above, reference may be made to the corresponding process in the foregoing method embodiment, which is not described herein again.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (11)
1. A method for centralized management of multi-system account number permissions is characterized by comprising the following steps:
the method comprises the steps that a first server generates account request information, wherein the account request information comprises account real-name information and account permission information;
the first server sends the account request information to a second server so that the second server stores the account request information and verifies the account request information;
when the second server passes the account request information verification, the first server receives first prompt information sent by the second server, wherein the first prompt information is used for prompting the first server to perform account adding operation;
after executing the account number adding operation, the first server sends first feedback information to the second server, wherein the first feedback information is used for indicating that the first server finishes the account number adding operation, so that the second server verifies the added account number and the authority information of the account number;
and if the second server fails to check the account request information, the first server sends arbitration application information to a third server so that the third server arbitrates the account request information.
2. The method of claim 1, further comprising:
the first server generates account deletion request information;
the first server sends the account deletion request information to a second server so that the second server stores the account deletion request information and verifies the account deletion request information;
when the second server passes the verification of the account deletion request information, the first server receives second prompt information sent by the second server, wherein the second prompt information is used for prompting the first server to perform account deletion operation;
after executing the account deletion operation, the first server sends second feedback information to the second server, where the second feedback information is used to indicate that the first server has completed the account deletion operation, so that the second server verifies the deleted account.
3. The method of claim 1, further comprising:
the first server generates account number change request information, and the account number change request information is used for requesting to change authority information corresponding to the account number;
the first server sends the account number change request information to a second server so that the second server stores the account number change request information and verifies the account number change request information;
when the second server passes the verification of the account number change request information, the first server receives third prompt information sent by the second server, wherein the third prompt information is used for prompting the first server to perform account number change operation;
after executing the account number changing operation, the first server sends third feedback information to the second server, where the third feedback information is used to indicate that the first server has completed the account number changing operation, so that the second server verifies the changed account number and the authority information after the account number is changed.
4. The method of claim 3, further comprising:
and if the second server fails to check the account number change request information, the first server sends arbitration application information to a third server so that the third server arbitrates the account number to be changed and the authority information after the account number is changed.
5. The method of claim 1, further comprising:
the first server generates account password resetting request information, wherein the account password resetting request information is used for requesting initialization of a password of the account;
the first server sends the account password resetting request information to a second server so that the second server stores the account password resetting request information and verifies the account password resetting request information;
when the second server passes the verification of the account password resetting request information, the first server receives fourth prompt information sent by the second server, wherein the fourth prompt information is used for prompting the first server to perform account password resetting operation;
after the first server executes the account password resetting operation, fourth feedback information is sent to the second server, and the fourth feedback information is used for indicating that the first server has completed the account password resetting operation, so that the second server verifies the account after the password resetting.
6. A server, comprising:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
generating account request information, wherein the account request information comprises account real-name information and account authority information;
sending the account request information to a second server through the communication interface so that the second server stores the account request information and verifies the account request information;
when the second server passes the verification of the account request information, receiving first prompt information sent by the second server through the communication interface, wherein the first prompt information is used for prompting the server to perform account adding operation;
after the account number adding operation is executed, first feedback information is sent to the second server through the communication interface, and the first feedback information is used for indicating that the server finishes the account number adding operation, so that the second server verifies the added account number and the authority information of the account number;
the processor is further configured to:
and if the second server fails to check the account request information, sending arbitration application information to a third server through the communication interface so that the third server arbitrates the account request information.
7. The server of claim 6, wherein the processor is further configured to:
generating account deletion request information;
sending the account deletion request information to a second server through the communication interface so that the second server stores the account deletion request information and verifies the account deletion request information;
when the second server passes the verification of the account deletion request information, receiving second prompt information sent by the second server through the communication interface, wherein the second prompt information is used for prompting the server to perform account deletion operation;
after the account deleting operation is executed, second feedback information is sent to the second server through the communication interface, and the second feedback information is used for indicating that the server has completed the account deleting operation, so that the second server can verify the deleted account.
8. The server of claim 6, wherein the processor is further configured to:
generating account number change request information, wherein the account number change request information is used for requesting to change authority information corresponding to an account number;
sending the account number change request information to a second server through the communication interface so that the second server stores the account number change request information and verifies the account number change request information;
when the second server passes the verification of the account number change request information, receiving third prompt information sent by the second server through the communication interface, wherein the third prompt information is used for prompting the server to perform account number change operation;
after the account number changing operation is executed, third feedback information is sent to the second server through the communication interface, and the third feedback information is used for indicating that the server has completed the account number changing operation, so that the second server verifies the changed account number and the authority information after the account number is changed.
9. The server of claim 8, wherein the processor is further configured to:
and if the second server fails to check the account number change request information, sending arbitration application information to a third server through the communication interface so that the third server arbitrates the account number to be changed and the authority information after the account number is changed.
10. The server of claim 6, wherein the processor is further configured to:
generating account password resetting request information, wherein the account password resetting request information is used for requesting to initialize the password of the account;
sending the account password resetting request information to a second server through the communication interface so that the second server stores the account password resetting request information and verifies the account password resetting request information;
when the second server passes the verification of the account password resetting request information, receiving fourth prompt information sent by the second server through the communication interface, wherein the fourth prompt information is used for prompting the server to perform account password resetting operation;
after the account password resetting operation is executed, fourth feedback information is sent to the second server through the communication interface, and the fourth feedback information is used for indicating that the server has completed the account password resetting operation, so that the second server verifies the account with the password reset.
11. A computer-readable storage medium, having stored thereon a computer program for execution by a processor to perform the method of any one of claims 1-5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910033977.6A CN109831322B (en) | 2019-01-15 | 2019-01-15 | Multi-system account permission centralized management method, equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910033977.6A CN109831322B (en) | 2019-01-15 | 2019-01-15 | Multi-system account permission centralized management method, equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109831322A CN109831322A (en) | 2019-05-31 |
CN109831322B true CN109831322B (en) | 2022-02-11 |
Family
ID=66861753
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910033977.6A Active CN109831322B (en) | 2019-01-15 | 2019-01-15 | Multi-system account permission centralized management method, equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109831322B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110457890A (en) * | 2019-07-15 | 2019-11-15 | 中国平安人寿保险股份有限公司 | Right management method and device, electronic equipment and storage medium based on multisystem |
CN110378147A (en) * | 2019-07-25 | 2019-10-25 | 杭州涂鸦信息技术有限公司 | Data access authority control method and system, readable storage medium storing program for executing and computer |
CN112995094A (en) * | 2019-12-13 | 2021-06-18 | 中盈优创资讯科技有限公司 | Dynamic management method and system for account number authority of network equipment |
CN113127830B (en) * | 2019-12-31 | 2023-07-28 | 深圳云天励飞技术有限公司 | Data deleting method, device, system, electronic equipment and storage medium |
CN112948858A (en) * | 2021-03-04 | 2021-06-11 | 浪潮云信息技术股份公司 | Method for supporting real-name account number authority |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102542388A (en) * | 2010-12-20 | 2012-07-04 | 西安众擎电子科技有限公司 | Quality information management system |
CN102769602A (en) * | 2011-05-03 | 2012-11-07 | 中国移动通信集团山东有限公司 | Method, system and device for temporary permission control |
CN103996000A (en) * | 2014-05-16 | 2014-08-20 | 深圳市东信时代信息技术有限公司 | Authority management system and method |
CN104378342A (en) * | 2014-01-10 | 2015-02-25 | 腾讯科技(深圳)有限公司 | Multi-account verification method, device and system |
CN105095792A (en) * | 2015-08-12 | 2015-11-25 | 浪潮(北京)电子信息产业有限公司 | Storage resource management method and system based on multi-user rights |
CN105405041A (en) * | 2015-10-30 | 2016-03-16 | 腾讯科技(深圳)有限公司 | Information processing method and terminal |
CN107770173A (en) * | 2017-10-20 | 2018-03-06 | 国信嘉宁数据技术有限公司 | Subscriber Management System, related identification information creation method and request method of calibration |
CN108074178A (en) * | 2016-11-14 | 2018-05-25 | 平安科技(深圳)有限公司 | The method and apparatus for handling credit card application |
-
2019
- 2019-01-15 CN CN201910033977.6A patent/CN109831322B/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102542388A (en) * | 2010-12-20 | 2012-07-04 | 西安众擎电子科技有限公司 | Quality information management system |
CN102769602A (en) * | 2011-05-03 | 2012-11-07 | 中国移动通信集团山东有限公司 | Method, system and device for temporary permission control |
CN104378342A (en) * | 2014-01-10 | 2015-02-25 | 腾讯科技(深圳)有限公司 | Multi-account verification method, device and system |
CN103996000A (en) * | 2014-05-16 | 2014-08-20 | 深圳市东信时代信息技术有限公司 | Authority management system and method |
CN105095792A (en) * | 2015-08-12 | 2015-11-25 | 浪潮(北京)电子信息产业有限公司 | Storage resource management method and system based on multi-user rights |
CN105405041A (en) * | 2015-10-30 | 2016-03-16 | 腾讯科技(深圳)有限公司 | Information processing method and terminal |
CN108074178A (en) * | 2016-11-14 | 2018-05-25 | 平安科技(深圳)有限公司 | The method and apparatus for handling credit card application |
CN107770173A (en) * | 2017-10-20 | 2018-03-06 | 国信嘉宁数据技术有限公司 | Subscriber Management System, related identification information creation method and request method of calibration |
Non-Patent Citations (1)
Title |
---|
基干RBAC的甩户权限管理系统的设计与实现;向奎;《中国优秀硕士学位论文全文数据库》;20131215;正文48-58 * |
Also Published As
Publication number | Publication date |
---|---|
CN109831322A (en) | 2019-05-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109831322B (en) | Multi-system account permission centralized management method, equipment and storage medium | |
CN105991734B (en) | A kind of cloud platform management method and system | |
CN102947797B (en) | The online service using directory feature extending transversely accesses and controls | |
CN109361517A (en) | A kind of virtualization cloud cipher machine system and its implementation based on cloud computing | |
CN102298647B (en) | Inspection and allocation system and method of data file | |
CN106055967A (en) | SAAS platform user organization permission management method and system | |
CN110661831B (en) | Big data test field security initialization method based on trusted third party | |
CN110049048B (en) | Data access method, equipment and readable medium for government affair public service | |
TWI522960B (en) | System and method of a must-reply mobile questionnaire | |
US11196627B1 (en) | Managed remediation of non-compliant resources | |
CN103618752A (en) | Virtual machine remote desktop safety access system and method | |
CN105119966A (en) | Official account management method and device | |
CN110417820A (en) | Processing method, device and the readable storage medium storing program for executing of single-node login system | |
CN108306972A (en) | A kind of cloud cryptographic service method, platform, system and computer readable storage medium | |
CN107800681B (en) | Data processing system | |
CN105897670A (en) | Website user login authentication method and system | |
CN110719298A (en) | Method and device for supporting user-defined change of privileged account password | |
CN110138881A (en) | A kind of distributed memory system and its storage method | |
CN112019543A (en) | Multi-tenant permission system based on BRAC model | |
CN104506480A (en) | Cross-domain access control method and system based on marking and auditing combination | |
CN113438082B (en) | Database access method, device, equipment and storage medium | |
CN109903046A (en) | User data management and device based on block chain | |
CN107508810A (en) | A kind of authentication management method, apparatus and system based on mobile office application | |
CN101505221A (en) | Network guide system and unit storage unit access method | |
CN108881197A (en) | High score grid system authentication system based on RBAC model |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |