CN110276179B - User authorization method, device, storage medium and electronic equipment - Google Patents


Publication number
CN110276179B
Authority
CN
China
Prior art keywords
target
user
maintenance
node
flow
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910459367.2A
Other languages
Chinese (zh)
Other versions
CN110276179A (en
Inventor
许志浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Neusoft Corp
Original Assignee
Neusoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Neusoft Corp filed Critical Neusoft Corp
Priority to CN201910459367.2A priority Critical patent/CN110276179B/en
Publication of CN110276179A publication Critical patent/CN110276179A/en
Application granted granted Critical
Publication of CN110276179B publication Critical patent/CN110276179B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • G06Q10/103Workflow collaboration or project management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/20Administration of product repair or maintenance

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • Strategic Management (AREA)
  • Theoretical Computer Science (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Computer Security & Cryptography (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Data Mining & Analysis (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The disclosure relates to a user authorization method, a device, a storage medium and an electronic device, which are applied to user authorization in an operation and maintenance process, and the method comprises the following steps: acquiring a process operation authority of a target user, wherein the target user is a user who performs user authorization on an operation and maintenance process; determining a target operation and maintenance flow selected by the target user from one or more operation and maintenance flows corresponding to the flow operation authority; determining a subordinate user to be authorized, wherein the authority of the subordinate user is lower than that of the target user; determining a target item to be authorized to the subordinate user in the target operation and maintenance flow, and authorizing the target item to the subordinate user, wherein the target item is an operation item which can be operated by the subordinate user on the target operation and maintenance flow.

Description

User authorization method, device, storage medium and electronic equipment
Technical Field
The present disclosure relates to the field of operation and maintenance processes, and in particular, to a method and an apparatus for user authorization, a storage medium, and an electronic device.
Background
IT (Information Technology) operation and maintenance generally covers the network, servers, storage, application software and other aspects of an internet product. As products grow in scale, operation and maintenance tasks become increasingly complex and heavy. In daily operation and maintenance, a user can freely arrange an operation and maintenance flow according to actual requirements, and the flow completes a series of operation and maintenance tasks when monitoring equipment raises an alarm or when the flow is triggered on a timer.
In the current operation and maintenance flow structure, each user creates flows independently. A user has flow operation authority only over the operation and maintenance flows that user created and cannot operate flows created by other users. Even for the same operation and maintenance flow, different users must each create it again and cannot reuse it, which increases the daily operation and maintenance workload, wastes time and labor, and reduces the efficiency of operation and maintenance monitoring.
Disclosure of Invention
The disclosure provides a user authorization method, a user authorization device, a storage medium and an electronic device.
In a first aspect, a method for user authorization is provided, which is applied to user authorization in an operation and maintenance process, and the method includes: acquiring a process operation authority of a target user, wherein the target user is a user who performs user authorization on an operation and maintenance process; determining a target operation and maintenance flow selected by the target user from one or more operation and maintenance flows corresponding to the flow operation authority; determining a subordinate user to be authorized, wherein the authority of the subordinate user is lower than that of the target user; determining a target item to be authorized to the subordinate user in the target operation and maintenance flow, and authorizing the target item to the subordinate user, wherein the target item is an operation item which can be operated by the subordinate user on the target operation and maintenance flow.
Optionally, the authorizing the target item to the subordinate user comprises: and authorizing node operation items of one or more target nodes in the target operation and maintenance flow to the subordinate user.
Optionally, before the authorizing node operation items of one or more target nodes in the target operation and maintenance flow to the subordinate user, the method further includes: determining a node to be authorized selected by the target user from the nodes of the target operation and maintenance process; and determining a node of a target sub-process in the target operation and maintenance process as the target node, wherein the target sub-process is a sub-process in which the node to be authorized is used as an end node.
Optionally, before the authorizing node operation items of one or more target nodes in the target operation and maintenance flow to the subordinate user, the method further includes: determining a target process execution item to be authorized to the subordinate user in the target operation and maintenance process; the target process execution items comprise items which can be triggered by the subordinate user to execute the target operation and maintenance process; the authorizing node operation items of one or more target nodes in the target operation and maintenance process to the subordinate user comprises: and authorizing the target process execution items and the node operation items of one or more target nodes in the target operation and maintenance process to the subordinate user.
In a second aspect, an apparatus for user authorization is provided, and is applied to user authorization in an operation and maintenance process, the apparatus includes: the acquisition module is used for acquiring the process operation authority of a target user, wherein the target user is a user who carries out user authorization on the operation and maintenance process; the first determining module is used for determining a target operation and maintenance flow selected by the target user from one or more operation and maintenance flows corresponding to the flow operation authority; the second determining module is used for determining a subordinate user to be authorized, and the authority of the subordinate user is lower than that of the target user; and the authorization module is used for determining a target item to be authorized to the subordinate user in the target operation and maintenance flow and authorizing the target item to the subordinate user, wherein the target item is an operation item which can be operated by the subordinate user on the target operation and maintenance flow.
Optionally, the authorization module is configured to authorize node operation items of one or more target nodes in the target operation and maintenance flow to the subordinate user.
Optionally, the apparatus further comprises: a third determining module, configured to determine, from the nodes in the target operation and maintenance process, a node to be authorized, which is selected by the target user; a fourth determining module, configured to determine a node of a target sub-process in the target operation and maintenance process as the target node, where the target sub-process is a sub-process in which the node to be authorized is an end node.
Optionally, the apparatus further comprises: a fifth determining module, configured to determine a target process execution item to be authorized to the subordinate user in the target operation and maintenance process; the target process execution items comprise items which can be triggered by the subordinate user to execute the target operation and maintenance process; the authorization module is configured to authorize the target process execution item and the node operation items of one or more target nodes in the target operation and maintenance process to the subordinate user.
In a third aspect, a computer readable storage medium is provided, on which a computer program is stored, which program, when being executed by a processor, carries out the steps of the method according to the first aspect of the disclosure.
In a fourth aspect, an electronic device is provided, comprising: a memory having a computer program stored thereon; a processor for executing the computer program in the memory to implement the steps of the method of the first aspect of the disclosure.
Through the technical scheme, the process operation authority of a target user is obtained, wherein the target user is a user who carries out user authorization on the operation and maintenance process; determining a target operation and maintenance flow selected by the target user from one or more operation and maintenance flows corresponding to the flow operation authority; determining a subordinate user to be authorized, wherein the authority of the subordinate user is lower than that of the target user; determining a target item to be authorized to the subordinate user in the target operation and maintenance flow, and authorizing the target item to the subordinate user, where the target item is an operation item that the subordinate user can operate the target operation and maintenance flow, so that the target user can grant the flow operation authority of the target operation and maintenance flow to the subordinate user, and the subordinate user can operate the target operation and maintenance flow according to the authorized target item without repeatedly creating the target operation and maintenance flow by the subordinate user, thereby reducing the workload of repeated operation, improving the convenience of daily operation and maintenance, and further improving the working efficiency of daily operation and maintenance.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure without limiting the disclosure. In the drawings:
FIG. 1 is a flow diagram illustrating a first method of user authorization in accordance with an exemplary embodiment;
FIG. 2 is a flow diagram illustrating a second method of user authorization in accordance with an exemplary embodiment;
FIG. 3 is a diagram illustrating a pre-established correspondence between users and roles, according to an illustrative embodiment;
FIG. 4 is a node diagram illustrating a target operation and maintenance flow, according to an example embodiment;
FIG. 5 is a diagram illustrating how visible an operation and maintenance process may be to a subordinate user in accordance with an exemplary embodiment;
FIG. 6 is a block diagram illustrating a first type of user-authorized device in accordance with an exemplary embodiment;
FIG. 7 is a block diagram illustrating a second type of user-authorized apparatus in accordance with an exemplary embodiment;
FIG. 8 is a block diagram illustrating a third apparatus for user authorization in accordance with an exemplary embodiment;
FIG. 9 is a block diagram illustrating an electronic device in accordance with an example embodiment.
Detailed Description
The following detailed description of specific embodiments of the present disclosure is provided in connection with the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present disclosure, are given by way of illustration and explanation only, not limitation.
The method is mainly applied to the scenario in which a user authorizes other users to hold the process operation authority of an operation and maintenance process. The existing operation and maintenance process structure does not consider the authority relationship among different users: each user independently creates the operation and maintenance processes that user needs. If a first user has created operation and maintenance process A and a second user also needs process A, the second user can only create process A again and cannot directly operate the process A created by the first user. That is, even for the same operation and maintenance process, different users must each create it again and the process cannot be reused, which increases the daily operation and maintenance workload, wastes time and labor, and reduces the efficiency of product operation and maintenance.
To solve the above problems, the present disclosure provides a method, an apparatus, a storage medium, and an electronic device for user authorization. When user authorization is performed on the flow operation authority of an operation and maintenance flow, the flow operation authority of the target user who performs the authorization is obtained. The target operation and maintenance flow selected by the target user is then determined from the one or more operation and maintenance flows corresponding to that flow operation authority. The target item to be authorized to a subordinate user in the target operation and maintenance flow is then determined and authorized to the subordinate user. In this way the target user can grant the flow operation authority of the target operation and maintenance flow to the subordinate user, and the subordinate user can operate the target operation and maintenance flow according to the authorized target item without creating the flow again. This reduces the workload of repeated operation, makes daily operation and maintenance more convenient, and improves its working efficiency.
The following description of the embodiments of the present disclosure will be made with reference to the accompanying drawings.
Fig. 1 is a flowchart illustrating a method for user authorization according to an exemplary embodiment, which is applied to user authorization in an operation and maintenance process, as shown in fig. 1, and the method includes:
in step 101, a process operation authority of a target user is acquired.
The target user is a user who performs user authorization on the operation and maintenance process, the operation and maintenance process may include an equipment restart process, an environment detection process, a database deployment process, an alarm processing process, and the like, and the process operation permission includes a permission to execute the operation and maintenance process and a permission to perform user authorization on the operation and maintenance process.
In a possible implementation manner, the permission level of the target user may be obtained, and then the process operation permission is determined according to the permission level, where different permission levels correspond to different process operation permissions, and the permission levels may correspond to the process operation permissions one to one.
In a practical application scenario, a user logs in to an operation and maintenance process management system to build, execute, and authorize operation and maintenance processes, so the target user also needs to log in to that system to perform user authorization. In addition, to allow uniform management and configuration of user authorization for operation and maintenance processes, different process roles (such as super administrator, primary administrator, and secondary administrator) may be bound to different users in advance. In a possible implementation manner, when it is determined that the target user has logged in to the operation and maintenance process management system to perform user authorization (for example, it is determined that the target user triggers an "authorization setting" button on the interface), the user name of the target user may be obtained. The role bound in advance to the target user is then determined from the user name, the authority level of the target user is determined from the role, and the process operation authority of the target user is determined from the authority level.
In step 102, a target operation and maintenance flow selected by the target user is determined from one or more operation and maintenance flows corresponding to the flow operation authority.
The target operation and maintenance process is an operation and maintenance process selected by the target user and to be authorized to a subordinate user, and when the process operation authority corresponds to a plurality of operation and maintenance processes, the target operation and maintenance process may be any one or more of the plurality of operation and maintenance processes.
In step 103, a subordinate user to be authorized is determined.
The subordinate user has a lower authority than the target user. The subordinate user may be selected by the target user, and there may be one or more subordinate users.
In one possible implementation manner, the target user selects the subordinate user by selecting the role of the users to be authorized, in which case the subordinate users are all users bound to the role selected by the target user. In another possible implementation manner, the target user may instead select one or more users, with the same or different roles, from a user list as the subordinate users.
In step 104, the target item to be authorized to the subordinate user in the target operation and maintenance process is determined, and the target item is authorized to the subordinate user.
The target item is an operation item which can be operated by the subordinate user on the target operation and maintenance flow.
In this step, the node operation items of one or more target nodes in the target operation and maintenance flow may be authorized to the subordinate user, where the node operation items may include items such as executing the node, viewing an execution result of the superior user after executing the node, and viewing node customization information of the node.
Further, before the node operation items of one or more target nodes in the target operation and maintenance flow are authorized to the subordinate user, the target nodes need to be determined. Specifically, the node to be authorized that the target user selected from the nodes of the target operation and maintenance flow is determined, and then the nodes of a target sub-flow in the target operation and maintenance flow are determined as the target nodes, where the target sub-flow is the sub-flow in which the node to be authorized is the end node.
In an actual application scenario, the target user may select any one of the nodes as the node to be authorized.
In addition, the user authorization method provided by the present disclosure may include two authorization manners: one authorizes the target operation and maintenance flow to the subordinate user as a whole, and the other authorizes only some of the nodes in the target operation and maintenance flow to the subordinate user. When the target user wants to authorize only some of the nodes, the target user does not have to select the nodes one by one, which would be cumbersome. Instead, the target user selects only the end node of the target sub-flow to be authorized as the node to be authorized. After the node to be authorized is acquired, the flow path from the start node of the target operation and maintenance flow to the node to be authorized is completed automatically to obtain the target sub-flow, and the nodes in the target sub-flow are determined to be the target nodes. Further, before storing the target nodes, the system may determine whether the target sub-flow is complete according to how the nodes in the target sub-flow are connected. When the target sub-flow is determined to be a complete flow, the system determines the nodes in the target sub-flow as the target nodes to be authorized to the subordinate user.
It should be noted that the target user may also authorize the target operation and maintenance flow to the subordinate user as a whole, in which case the target user does not need to select a node to be authorized. In a possible implementation manner, two authorization options may be preset for the target operation and maintenance flow, such as "whole flow authorization" and "flow node authorization" (these names are only examples). When it is determined that the target user triggers the "whole flow authorization" button, the system by default authorizes the whole target operation and maintenance flow to the subordinate user. When it is determined that the target user triggers the "flow node authorization" button, the system interface may further prompt the target user to select the node to be authorized, so that the system can determine, from the node selected by the target user, the target nodes in the target operation and maintenance flow to be authorized to the subordinate user. The specific manner of determining the target nodes is described in the preceding paragraph and is not repeated here.
Further, before authorizing the node operation items of one or more target nodes in the target operation and maintenance flow to the subordinate user, target flow execution items to be authorized to the subordinate user in the target operation and maintenance flow can be further determined; the target process execution item may include an item that the subordinate user can trigger the target operation and maintenance process to execute, so that the target process execution item and the node operation items of one or more target nodes in the target operation and maintenance process may be authorized to the subordinate user.
In an actual application scenario, there are generally multiple ways of triggering execution of an operation and maintenance flow, such as triggering on a timer or triggering when an alarm occurs. In the present disclosure, therefore, when user authorization is performed on the target operation and maintenance flow, the target flow execution item may be authorized to the subordinate user at the same time, so that fine-grained authority management of the target operation and maintenance flow can be implemented. The target flow execution item may be timer triggering or triggering when an alarm occurs.
In one possible implementation, the target flow execution item may be determined based on the target user's selection.
It should be further noted that the target user may also cancel the authorization that grants the flow operation permission of the target operation and maintenance flow to a subordinate user. After an operation by which the target user triggers the cancellation is obtained (for example, it is determined that the target user deselects the node to be authorized, or that the user triggers a "cancel authorization" button corresponding to the target operation and maintenance flow), the authorization of the target flow execution item and the node operation items of the target operation and maintenance flow to the subordinate user is cancelled. The subordinate user then no longer has the flow operation permission to operate the target operation and maintenance flow, which improves the flexibility of user authorization.
By adopting the method, the target user can grant the lower user with the process operation authority of the target operation and maintenance flow, so that the lower user can operate the target operation and maintenance flow according to the granted target item without repeatedly creating the target operation and maintenance flow by the lower user, thereby reducing the workload of repeated operation, improving the convenience of daily operation and maintenance and further improving the working efficiency of daily operation and maintenance.
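The delegation checks of steps 101 to 104, the automatic sub-flow completion and the cancellation described above, as an added Python example that is not part of the patent text. The numeric role levels, the node names, the `flow_rights` table and the reading of "complete" as "every node that feeds the selected end node is reachable from the start node" are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Ordering follows the roles named in the text; the numeric values are assumed.
LEVEL = {"super administrator": 3, "primary administrator": 2,
         "secondary administrator": 1}


def _closure(start, neighbours):
    """Iterative graph walk: every node reachable from start via neighbours."""
    seen, stack = {start}, [start]
    while stack:
        for nxt in neighbours.get(stack.pop(), ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


@dataclass
class Flow:
    name: str
    start: str
    edges: dict  # node -> list of successor nodes

    def nodes(self):
        return set(self.edges).union(*self.edges.values())

    def subflow_ending_at(self, end_node):
        """Complete the path(s) from the start node to the selected end node."""
        if end_node not in self.nodes():
            raise ValueError(f"unknown node {end_node!r}")
        preds = {}
        for src, dsts in self.edges.items():
            for dst in dsts:
                preds.setdefault(dst, []).append(src)
        feeding = _closure(end_node, preds)          # nodes that lead to end_node
        reachable = _closure(self.start, self.edges)
        # Assumed completeness rule: a node cut off from the start node means
        # the sub-flow cannot run end to end, so the grant is refused.
        if not feeding <= reachable:
            raise ValueError(f"incomplete sub-flow: {sorted(feeding - reachable)}")
        return feeding


@dataclass
class Authorizer:
    roles: dict        # user -> role name
    flows: dict        # flow name -> Flow
    flow_rights: dict  # user -> flow names the user may execute and delegate
    grants: dict = field(default_factory=dict)  # (user, flow name) -> grant

    def _require_flow(self, granter, flow_name):
        # Steps 101-102: the flow must be covered by the granter's authority.
        if flow_name not in self.flow_rights.get(granter, set()):
            raise PermissionError(f"{granter} holds no authority over {flow_name}")

    def authorize(self, granter, flow_name, subordinates, end_node=None,
                  node_items=("execute",), exec_items=()):
        self._require_flow(granter, flow_name)
        # Step 103: every recipient must rank strictly below the granter.
        for user in subordinates:
            if LEVEL[self.roles[user]] >= LEVEL[self.roles[granter]]:
                raise PermissionError(f"{user} is not subordinate to {granter}")
        # Step 104: whole-flow grant, or the sub-flow ending at end_node.
        flow = self.flows[flow_name]
        nodes = flow.nodes() if end_node is None else flow.subflow_ending_at(end_node)
        for user in subordinates:
            self.grants[(user, flow_name)] = {
                "nodes": frozenset(nodes),
                "node_items": frozenset(node_items),
                "exec_items": frozenset(exec_items)}

    def revoke(self, granter, flow_name, subordinate):
        self._require_flow(granter, flow_name)
        self.grants.pop((subordinate, flow_name), None)

    def may(self, user, flow_name, node, item):
        g = self.grants.get((user, flow_name))
        return bool(g) and node in g["nodes"] and item in g["node_items"]

    def may_trigger(self, user, flow_name, trigger):
        g = self.grants.get((user, flow_name))
        return bool(g) and trigger in g["exec_items"]


# Constructed sample data: flow shapes and node names are not from the patent.
ALARM = Flow("alarm processing", "start", {
    "start": ["collect"], "collect": ["diagnose"],
    "diagnose": ["restart_service", "notify"],
    "restart_service": ["verify"], "notify": ["verify"]})
BROKEN = Flow("broken", "start", {"start": ["a"], "a": ["b"], "orphan": ["b"]})


def build_authorizer():
    return Authorizer(
        roles={"A": "super administrator", "B": "primary administrator",
               "C": "primary administrator", "D": "secondary administrator",
               "E": "secondary administrator"},
        flows={ALARM.name: ALARM},
        flow_rights={"A": {"alarm processing", "device restart"},
                     "B": {"alarm processing"}})


if __name__ == "__main__":
    auth = build_authorizer()
    auth.authorize("B", "alarm processing", ["D"],
                   end_node="restart_service", exec_items=("alarm",))
    print(sorted(auth.grants[("D", "alarm processing")]["nodes"]))
```
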
Fig. 2 is a flowchart of a method for user authorization according to the embodiment shown in fig. 1, which is also applied to user authorization in an operation and maintenance process, as shown in fig. 2, the method includes the following steps:
in step 201, a process operation authority of a target user is acquired.
The target user is a user who performs user authorization on the operation and maintenance process, the operation and maintenance process may include an equipment restart process, an environment detection process, a database deployment process, an alarm processing process, and the like, and the process operation permission includes a permission to execute the operation and maintenance process and a permission to perform user authorization on the operation and maintenance process.
In a possible implementation manner, the permission level of the target user may be obtained, and then the process operation permission is determined according to the permission level, where different permission levels correspond to different process operation permissions, and the permission levels may correspond to the process operation permissions one to one.
In a practical application scenario, a user logs in to an operation and maintenance process management system to build, execute, and authorize operation and maintenance processes, so the target user also needs to log in to that system to perform user authorization. In addition, to allow uniform management and configuration of user authorization for operation and maintenance processes, different process roles (such as super administrator, primary administrator, and secondary administrator) may be bound to different users in advance. In a possible implementation manner, when it is determined that the target user has logged in to the operation and maintenance process management system to perform user authorization (for example, it is determined that the target user triggers an "authorization setting" button on the interface), the user name of the target user may be obtained. The role bound in advance to the target user is then determined from the user name, the authority level of the target user is determined from the role, and the process operation authority of the target user is determined from the authority level.
For example, fig. 3 is a schematic diagram of a pre-established correspondence between users and roles. As shown in fig. 3, three roles are preset: super administrator, primary administrator, and secondary administrator. The authority level of the super administrator is higher than that of the primary administrator, and the authority level of the primary administrator is higher than that of the secondary administrator. The super administrator is pre-bound to user A, the primary administrator to user B and user C, and the secondary administrator to user D, user E, user F, user G, and user H. Different authority levels correspond to different process operation authorities. The super administrator, with the highest authority level, holds the process operation permissions of all operation and maintenance processes registered in the operation and maintenance process management system (e.g. the device restart process, the environment detection process, the database deployment process, and the alarm processing process listed in fig. 3), and may grant the process operation permissions of any one or more of these processes to subordinate users whose authority level is lower than the super administrator's, such as the primary administrator and/or the secondary administrator. The primary administrator, whose authority level is lower only than the super administrator's, holds the process operation permissions of the operation and maintenance processes that the super administrator has granted to primary administrator users (such as the environment detection process and the alarm processing process in fig. 3). User B or user C, whose bound role is primary administrator, may grant the process operation permissions of either or both of the environment detection process and the alarm processing process to users bound to the secondary administrator role, whose authority level is lower than the primary administrator's (such as any one or more of the five users, user D to user H, in fig. 3). The secondary administrator then holds the process operation authority for the operation and maintenance processes that the primary administrator has granted to secondary administrator users (such as the alarm processing process in fig. 3). The above example is only illustrative, and the disclosure is not limited to it.
Continuing with the example in fig. 3, assume that the target user is user A. When it is determined that user A has logged in to the operation and maintenance process management system to perform user authorization, the role bound to user A is determined to be super administrator, and the authority level of the super administrator is determined to be the highest level. It can therefore be determined that user A has process operation authority over all operation and maintenance processes registered in the operation and maintenance process management system (such as the device restart process, the environment detection process, the database deployment process, and the alarm processing process listed in fig. 3).
In step 202, a target operation and maintenance process selected by the target user is determined from one or more operation and maintenance processes corresponding to the process operation authority.
The target operation and maintenance process is an operation and maintenance process selected by the target user and to be authorized to a subordinate user, and when the process operation authority corresponds to a plurality of operation and maintenance processes, the target operation and maintenance process may be any one or more of the plurality of operation and maintenance processes.
When the target user logs in to the operation and maintenance process management system to perform user authorization on an operation and maintenance process, the one or more operation and maintenance processes corresponding to the process operation authority of the target user may be presented to the target user as a process list in an interface of the system, so that the target user can select the target operation and maintenance process from them. For example, as shown in fig. 3, assume that the target user is user A, whose process operation authority corresponds to four operation and maintenance processes: the device restart process, the environment detection process, the deployment database process, and the alarm processing process. User A may select the environment detection process and the alarm processing process from the four as the target operation and maintenance processes. This is only an example and is not limited by this disclosure.
In addition, in the process of determining the target operation and maintenance flow selected by the target user, one possible implementation manner may be to determine the selected operation and maintenance flow in the one or more operation and maintenance flows as the target operation and maintenance flow, and in another possible implementation manner, a user authorization button of a flow operation authority may be configured in advance for each operation and maintenance flow, for example, "configure user authority," and at this time, the operation and maintenance flow triggered by the user authorization button corresponding to the one or more operation and maintenance flows may be determined as the target operation and maintenance flow.
In step 203, a subordinate user to be authorized is determined.
Wherein the subordinate user has a lower authority than the target user, the subordinate user may be selected by the target user, and the subordinate user may include one or more.
In a possible implementation manner, the target user may select the subordinate user by selecting a role of a user to be authorized, where the subordinate user is all users corresponding to the role selected by the target user, for example, as shown in fig. 3, when it is determined that the role selected by the user a is a first-level administrator, it may be determined that the subordinate user is a user B and a user C corresponding to the first-level administrator.
In another possible implementation manner, the target user may also select the subordinate user in a user list, for example, as shown in fig. 3, after a user a logs in the operation and maintenance process management system, the user list may be opened, and "user B, user C, user D, user E, user F, user G, and user H" are shown in the user list, so that the user a may select one or more users having the same or different roles as the subordinate user in the user list, for example, when it is determined that the user a selects the user B and the user E, it is determined that the subordinate user is the user B and the user E, which are all described above by way of example, and this disclosure does not limit this.
For example, the user a having a super administrator level may select, in the user list, the user B corresponding to the primary administrator having an authority level next to the super administrator as the lower level user, or the user E having a secondary administrator level as the lower level user, which is not limited in the present disclosure.
In step 204, the node to be authorized selected by the target user is determined from the nodes of the target operation and maintenance process.
An operation and maintenance flow may generally include a plurality of nodes, and in a practical application scenario, the target user may select any one node from the plurality of nodes as the node to be authorized, for example, fig. 4 is a schematic node diagram of a target operation and maintenance flow shown according to an exemplary embodiment, as shown in fig. 4, the target operation and maintenance flow includes nine nodes, which are start, file upload, process detection, Linux custom execution, service stop, process stop, system restart, mail notification, and wechat notification, and when the target user selects a "process stop" node, the "process stop" node is the node to be authorized.
In step 205, the node of the target sub-process in the target operation and maintenance process is determined as the target node, and the target sub-process is a sub-process in which the node to be authorized is the end node.
The user authorization method provided by the present disclosure may include two authorization manners: one authorizes the target operation and maintenance flow to the subordinate user as a whole, and the other authorizes only some of the nodes in the target operation and maintenance flow to the subordinate user. When the target user wants to authorize only some of the nodes, then to spare the target user the complex operation of selecting the nodes to be authorized one by one, the target user may select only the end node of the target sub-flow to be authorized as the node to be authorized. After acquiring the node to be authorized, the system may automatically complete the flow path from the start node to the node to be authorized in the target operation and maintenance flow to obtain the target sub-flow, and the nodes in the target sub-flow may then be determined as the target nodes. Before storing the target nodes, the system may further determine, according to the connections between the nodes in the target sub-flow, whether the target sub-flow is complete; when the target sub-flow is determined to be a complete flow, the system determines the nodes in the target sub-flow as the target nodes to be authorized to the subordinate user.
For example, as shown in fig. 4, assuming that the node to be authorized selected by the target user is a "stop process" node, after the system automatically completes a flow path from the "start" node to the "stop process" node in the target operation and maintenance flow, two target sub-flows of "start → process detection → stop process" and "start → Linux custom execution → stop process" may be obtained, at this time, it may be determined that the target node is four nodes of "start, process detection, Linux custom execution, stop process" in the two target sub-flows, which is only an example and is not limited in this disclosure.
It should be noted that the target user may also authorize the target operation and maintenance flow to the subordinate user as a whole, in which case the target user does not need to select a node to be authorized. In a possible implementation manner, two authorization options may be preset for the target operation and maintenance flow, such as "whole flow authorization" and "flow node authorization" (these names are only examples). When it is determined that the target user triggers the "whole flow authorization" button, the system by default authorizes the whole target operation and maintenance flow to the subordinate user. When it is determined that the target user triggers the "flow node authorization" button, the system interface may further prompt the target user to select the node to be authorized, so that the system can determine, according to the node to be authorized selected by the target user, the target nodes in the target operation and maintenance flow to be authorized to the subordinate user. The specific manner of determining the target nodes has been described in the above paragraph and is not repeated here.
It should be further noted that, in order to improve security, in the present disclosure a superior user may select the degree to which the target operation and maintenance flow is visible to a subordinate user. Specifically, after the target nodes are determined, the visibility degree of the target operation and maintenance flow to the subordinate user, as selected by the target user, may be obtained. The visibility degree may be either that all nodes of the target operation and maintenance flow are visible or that only the target nodes of the target operation and maintenance flow are visible. Fig. 5 is a schematic view of the visibility degree of the operation and maintenance flow to the subordinate user according to an exemplary embodiment. As shown in fig. 5, when it is determined that the visibility degree selected by the target user is that all nodes are visible, the target operation and maintenance flow may be displayed to the subordinate user in display mode one shown in fig. 5. In display mode one, all nodes in the target operation and maintenance flow are displayed to the subordinate user, but the subordinate user can only operate the node operation items (refer to the related description in step 207) of the target nodes. Because the superior user has not authorized the node operation items of the other nodes in the target operation and maintenance flow (such as the nodes connected by the dotted line in the first illustration in fig. 5) to the subordinate user, the subordinate user cannot operate the node operation items of those other nodes. When it is determined that the visibility degree selected by the target user is that only the target nodes are visible, the target operation and maintenance flow may be displayed to the subordinate user in display mode two shown in fig. 5. In display mode two, only the target nodes in the target operation and maintenance flow are displayed to the subordinate user, and the other nodes in the target operation and maintenance flow are not visible to the subordinate user, so that the operation safety of the operation and maintenance flow may be improved.
In step 206, the target process execution items to be authorized to the subordinate user in the target operation and maintenance process are determined.
In an actual application scenario, the target process execution item may include items by which the subordinate user can trigger execution of the target operation and maintenance process. There are generally multiple manners of triggering execution of an operation and maintenance process, such as timed triggering or triggering when an alarm occurs. In the present disclosure, when user authorization is performed on the target operation and maintenance process, the target process execution item may therefore be authorized to the subordinate user at the same time, so that fine-grained authority management of the target operation and maintenance process may be implemented. The target process execution item may be timed triggering or triggering when an alarm occurs.
In one possible implementation, the target flow execution item may be determined based on the target user's selection.
Illustratively, when the target process execution item is determined to be timed triggering, multiple trigger times may be selected for timed triggering of the process, and the superior user may select one or more preset execution times of the target operation and maintenance process to authorize to the subordinate user. When the target process execution item is determined to be triggering when an alarm occurs, because alarm triggering of a process requires binding an alarm rule (for example, raising an alarm when the CPU utilization rate exceeds 95%) and an alarm resource (for example, which specific CPU is bound), the superior user may select the alarm resources and rules of the target operation and maintenance process to authorize to the subordinate user. The above is only an example, and this disclosure does not limit this.
In step 207, the target process execution item and the node operation items of one or more target nodes in the target operation and maintenance process are authorized to the subordinate user.
The node operation items may include items such as executing the node, viewing an execution result of the node executed by a superior user, and viewing node customization information of the node.
After the step 207 is executed, the subordinate user may trigger the target operation and maintenance flow according to the target flow execution item authorized by the superior user, or may execute the corresponding node operation item on the target node in the target operation and maintenance flow, and the subordinate user does not need to repeatedly construct the target operation and maintenance flow, so that the reuse rate of the target operation and maintenance flow is improved, and the workload of repeated operation is reduced.
It should be further noted that the target user may also cancel the authorization of the flow operation authority of the target operation and maintenance flow granted to a subordinate user. After detecting an operation by which the target user triggers cancellation of the authorization (for example, determining that the target user deselects the node to be authorized, or determining that the user triggers a "cancel authorization" button corresponding to the target operation and maintenance flow), the system cancels the authorization of the target flow execution item and the node operation items of the target operation and maintenance flow to the subordinate user. The subordinate user then no longer has the flow operation authority to operate the target operation and maintenance flow, so that the flexibility of user authorization may be improved.
By adopting the method, fine-grained authority management of the whole, internal nodes and process configuration resources of the operation and maintenance process can be supported, and the target user can grant the process operation authority of the target operation and maintenance process to the subordinate user, so that the subordinate user can operate the target operation and maintenance process according to the authorized target item without repeatedly creating the target operation and maintenance process by the subordinate user, the workload of repeated operation can be reduced, the convenience of daily operation and maintenance can be improved, and the working efficiency of daily operation and maintenance can be improved.
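Steps 201 to 207, including the sub-flow completion of step 205, the visibility degree and the cancellation described above, can be sketched as follows; this is an added example, not code from the patent or from the applicant. The flow name, the trigger names, every Fig. 4 edge other than the two stated paths into "stop process", and the rule that a grantor cannot pass on more than the grantor holds are assumptions.

```python
from dataclasses import dataclass

# Roles, levels and user bindings as described for Fig. 3.
LEVEL = {"super": 3, "primary": 2, "secondary": 1}
ROLE_OF = {"A": "super", "B": "primary", "C": "primary",
           **{u: "secondary" for u in "DEFGH"}}
TRIGGERS = frozenset({"timer", "alarm"})   # hypothetical names for the two trigger kinds

# The Fig. 4 flow. Only the two paths into "stop process" are stated on the
# page; every other edge is constructed for this example.
FLOW_NAME = "fig4-flow"                    # hypothetical name
FLOWS = {FLOW_NAME: {
    "start": ["file upload", "process detection", "Linux custom execution"],
    "file upload": ["service stop"],
    "process detection": ["stop process"],
    "Linux custom execution": ["stop process"],
    "service stop": ["system restart"],
    "stop process": ["wechat notification"],
    "system restart": ["mail notification"],
    "mail notification": [],
    "wechat notification": [],
}}


def _reach(edges, src):
    """Every node reachable from src along edges, including src."""
    seen, stack = set(), [src]
    while stack:
        node = stack.pop()
        if node not in seen:
            seen.add(node)
            stack.extend(edges.get(node, []))
    return seen


def target_nodes(flow, end, start="start"):
    """Complete the sub-flow(s) ending at `end`: all nodes on any start->end path."""
    if end not in flow:
        raise ValueError(f"unknown node {end!r}")
    reverse = {node: [] for node in flow}
    for src, dsts in flow.items():
        for dst in dsts:
            reverse[dst].append(src)
    on_path = _reach(flow, start) & _reach(reverse, end)
    if start not in on_path:   # completeness check: the sub-flow must reach back to start
        raise ValueError(f"{end!r} is not connected to {start!r}")
    return frozenset(on_path)


@dataclass(frozen=True)
class Grant:
    nodes: frozenset       # target nodes whose operation items are authorized
    triggers: frozenset    # authorized flow execution items
    visibility: str        # "all" nodes shown, or "target_only"


class Authorizer:
    def __init__(self):
        self.grants = {}   # (user, flow name) -> Grant

    def holding(self, user, flow):
        """What `user` holds on `flow`; the super administrator holds everything."""
        if ROLE_OF[user] == "super":
            return Grant(frozenset(FLOWS[flow]), TRIGGERS, "all")
        return self.grants.get((user, flow))

    def grant(self, grantor, grantee, flow, end=None, triggers=(), visibility="all"):
        held = self.holding(grantor, flow)
        if held is None:
            raise PermissionError(f"{grantor} holds no permission on {flow!r}")
        if LEVEL[ROLE_OF[grantee]] >= LEVEL[ROLE_OF[grantor]]:
            raise PermissionError(f"{grantee} is not subordinate to {grantor}")
        if visibility not in ("all", "target_only"):
            raise ValueError(f"unknown visibility {visibility!r}")
        # end=None is whole-flow authorization; otherwise node-level authorization.
        nodes = target_nodes(FLOWS[flow], end) if end else frozenset(FLOWS[flow])
        # Assumption (not stated on the page): a grantor cannot pass on more
        # nodes, triggers or visibility than the grantor holds.
        within = nodes <= held.nodes and set(triggers) <= held.triggers
        if not within or (held.visibility == "target_only" and visibility == "all"):
            raise PermissionError(f"{grantor} cannot delegate more than they hold")
        self.grants[(grantee, flow)] = Grant(nodes, frozenset(triggers), visibility)

    def revoke(self, grantor, grantee, flow):
        if LEVEL[ROLE_OF[grantee]] >= LEVEL[ROLE_OF[grantor]]:
            raise PermissionError(f"{grantee} is not subordinate to {grantor}")
        self.grants.pop((grantee, flow), None)

    def can_operate(self, user, flow, node):
        held = self.holding(user, flow)
        return held is not None and node in held.nodes

    def can_trigger(self, user, flow, trigger):
        held = self.holding(user, flow)
        return held is not None and trigger in held.triggers

    def visible_nodes(self, user, flow):
        held = self.holding(user, flow)
        if held is None:
            return frozenset()
        return frozenset(FLOWS[flow]) if held.visibility == "all" else held.nodes
```

The page does not say whether cancelling user B's authorization also cancels what B has passed down to a secondary administrator; this sketch leaves the lower grant in place, so a real system has to decide that explicitly.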
Fig. 6 is a block diagram of an apparatus for user authorization according to an exemplary embodiment, which is applied to user authorization in an operation and maintenance process, and as shown in fig. 6, the apparatus includes:
an obtaining module 601, configured to obtain a process operation authority of a target user, where the target user is a user who performs user authorization on an operation and maintenance process;
a first determining module 602, configured to determine a target operation and maintenance process selected by the target user from one or more operation and maintenance processes corresponding to the process operation authority;
a second determining module 603, configured to determine a subordinate user to be authorized, where the authority of the subordinate user is lower than that of the target user;
the authorization module 604 is configured to determine a target item to be authorized to the subordinate user in the target operation and maintenance flow, and authorize the target item to the subordinate user, where the target item is an operation item that the subordinate user can operate the target operation and maintenance flow.
Optionally, the authorization module 604 is configured to authorize node operation items of one or more target nodes in the target operation and maintenance process to the subordinate user.
Optionally, fig. 7 is a block diagram of an apparatus for user authorization according to the embodiment shown in fig. 6, and as shown in fig. 7, the apparatus further includes:
a third determining module 605, configured to determine a node to be authorized, which is selected by the target user, from the nodes in the target operation and maintenance process;
a fourth determining module 606, configured to determine a node of a target sub-process in the target operation and maintenance process as the target node, where the target sub-process is a sub-process in which the node to be authorized is an end node.
Optionally, fig. 8 is a block diagram of an apparatus for user authorization according to the embodiment shown in fig. 6, and as shown in fig. 8, the apparatus further includes:
a fifth determining module 607, configured to determine a target process executing item to be authorized to the subordinate user in the target operation and maintenance process; the target process execution items comprise items which can be triggered by the subordinate user to execute the target operation and maintenance process;
the authorization module 604 is configured to authorize the target process execution item and the node operation items of one or more target nodes in the target operation and maintenance process to the subordinate user.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
By adopting the device, the target user can grant the flow operation authority of the target operation and maintenance flow to the subordinate user, so that the subordinate user can operate the target operation and maintenance flow according to the granted target item without repeatedly creating the target operation and maintenance flow by the subordinate user, the workload of repeated operation can be reduced, the convenience of daily operation and maintenance can be improved, and the working efficiency of daily operation and maintenance can be improved.
Fig. 9 is a block diagram illustrating an electronic device 900 in accordance with an example embodiment. As shown in fig. 9, the electronic device 900 may include: a processor 901 and a memory 902. The electronic device 900 may also include one or more of a multimedia component 903, an input/output (I/O) interface 904, and a communications component 905.
The processor 901 is configured to control the overall operation of the electronic device 900, so as to complete all or part of the steps in the above-mentioned user authorization method. The memory 902 is used to store various types of data to support operation of the electronic device 900, such as instructions for any application or method operating on the electronic device 900 and application-related data, such as contact data, transmitted and received messages, pictures, audio, video, and the like. The memory 902 may be implemented by any type of volatile or non-volatile memory device or combination thereof, such as Static Random Access Memory (SRAM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM), Read-Only Memory (ROM), magnetic memory, flash memory, magnetic disk or optical disk. The multimedia component 903 may include a screen and an audio component. The screen may be, for example, a touch screen, and the audio component is used for outputting and/or inputting audio signals. For example, the audio component may include a microphone for receiving external audio signals. The received audio signal may further be stored in the memory 902 or transmitted through the communication component 905. The audio component also includes at least one speaker for outputting audio signals. The I/O interface 904 provides an interface between the processor 901 and other interface modules, such as a keyboard, mouse, buttons, etc. These buttons may be virtual buttons or physical buttons. The communication component 905 is used for wired or wireless communication between the electronic device 900 and other devices. The wireless communication may be, for example, Wi-Fi, Bluetooth, Near Field Communication (NFC), 2G, 3G, 4G, NB-IOT, eMTC, 5G, and the like, or a combination of one or more of them, which is not limited herein. The corresponding communication component 905 may thus include a Wi-Fi module, a Bluetooth module, an NFC module, etc.
In an exemplary embodiment, the electronic Device 900 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic components for performing the above-described method of user authorization.
In another exemplary embodiment, a computer readable storage medium comprising program instructions which, when executed by a processor, implement the steps of the above-described method of user authorization is also provided. For example, the computer readable storage medium may be the memory 902 described above comprising program instructions executable by the processor 901 of the electronic device 900 to perform the method of user authorization described above.
In another exemplary embodiment, a computer program product is also provided, which comprises a computer program executable by a programmable apparatus, the computer program having code portions for performing the above-mentioned method of object tracking when executed by the programmable apparatus.
The preferred embodiments of the present disclosure are described in detail with reference to the accompanying drawings, however, the present disclosure is not limited to the specific details of the above embodiments, and various simple modifications may be made to the technical solution of the present disclosure within the technical idea of the present disclosure, and these simple modifications all belong to the protection scope of the present disclosure.
It should be noted that, in the foregoing embodiments, various features described in the above embodiments may be combined in any suitable manner, and in order to avoid unnecessary repetition, various combinations that are possible in the present disclosure are not described again.
In addition, any combination of various embodiments of the present disclosure may be made, and the same should be considered as the disclosure of the present disclosure, as long as it does not depart from the spirit of the present disclosure.

Claims (8)

1. A user authorization method is applied to user authorization in an operation and maintenance process, and comprises the following steps:
acquiring a process operation authority of a target user, wherein the target user is a user who performs user authorization on an operation and maintenance process;
determining a target operation and maintenance flow selected by the target user from one or more operation and maintenance flows corresponding to the flow operation authority;
determining a subordinate user to be authorized, wherein the authority of the subordinate user is lower than that of the target user;
determining target items to be authorized to the subordinate user in the target operation and maintenance flow, and authorizing the target items to the subordinate user, wherein the target items comprise node operation items for operating a target node in the target operation and maintenance flow and target flow execution items capable of triggering the target operation and maintenance flow to execute; the node operation items comprise executing the target node, checking an execution result of a superior user after executing the target node and checking node self-defined information of the target node;
prior to said authorizing said target items to said subordinate user, said method further comprising:
determining a node to be authorized selected by the target user from the nodes of the target operation and maintenance process;
and determining a node of a target sub-process in the target operation and maintenance process as the target node, wherein the target sub-process is a sub-process in which the node to be authorized is used as an end node.
2. The method of claim 1, wherein said authorizing the target items to the subordinate user comprises:
and authorizing node operation items of one or more target nodes in the target operation and maintenance flow to the subordinate user.
3. The method of claim 2, wherein prior to said authorizing node operation items of one or more target nodes in said target operation and maintenance flow to said subordinate user, said method further comprises:
determining a target process execution item to be authorized to the subordinate user in the target operation and maintenance process; the target process execution items comprise items which can be triggered by the subordinate user to execute the target operation and maintenance process;
the authorizing node operation items of one or more target nodes in the target operation and maintenance process to the subordinate user comprises:
and authorizing the target process execution items and the node operation items of one or more target nodes in the target operation and maintenance process to the subordinate user.
4. An apparatus for user authorization, applied to user authorization in an operation and maintenance process, the apparatus comprising:
the acquisition module is used for acquiring the process operation authority of a target user, wherein the target user is a user who carries out user authorization on the operation and maintenance process;
the first determining module is used for determining a target operation and maintenance flow selected by the target user from one or more operation and maintenance flows corresponding to the flow operation authority;
the second determining module is used for determining a subordinate user to be authorized, and the authority of the subordinate user is lower than that of the target user;
the authorization module is used for determining target items to be authorized to the subordinate user in the target operation and maintenance flow and authorizing the target items to the subordinate user, wherein the target items comprise node operation items for operating a target node in the target operation and maintenance flow and target flow execution items capable of triggering the target operation and maintenance flow to execute; the node operation items comprise executing the target node, checking an execution result of a superior user after executing the target node and checking node self-defined information of the target node;
the device further comprises:
a third determining module, configured to determine, from the nodes in the target operation and maintenance process, a node to be authorized, which is selected by the target user;
a fourth determining module, configured to determine a node of a target sub-process in the target operation and maintenance process as the target node, where the target sub-process is a sub-process in which the node to be authorized is an end node.
5. The apparatus of claim 4, wherein the authorization module is configured to authorize node operation items of one or more target nodes in the target operation and maintenance flow to the subordinate user.
6. The apparatus of claim 5, further comprising:
a fifth determining module, configured to determine a target process execution item to be authorized to the subordinate user in the target operation and maintenance process; the target process execution items comprise items which can be triggered by the subordinate user to execute the target operation and maintenance process;
the authorization module is configured to authorize the target process execution item and the node operation items of one or more target nodes in the target operation and maintenance process to the subordinate user.
7. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 3.
8. An electronic device, comprising:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to carry out the steps of the method of any one of claims 1 to 3.
CN201910459367.2A 2019-05-29 2019-05-29 User authorization method, device, storage medium and electronic equipment Active CN110276179B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910459367.2A CN110276179B (en) 2019-05-29 2019-05-29 User authorization method, device, storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910459367.2A CN110276179B (en) 2019-05-29 2019-05-29 User authorization method, device, storage medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN110276179A CN110276179A (en) 2019-09-24
CN110276179B true CN110276179B (en) 2021-09-17

Family

ID=67960345

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910459367.2A Active CN110276179B (en) 2019-05-29 2019-05-29 User authorization method, device, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN110276179B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106294813A (en) * 2016-08-15 2017-01-04 歌尔股份有限公司 A kind of method and apparatus of smart machine person recognition
CN106779412A (en) * 2016-12-16 2017-05-31 四川长虹电器股份有限公司 Method using authorizing is carried out based on business organization's framework
CN107103417A (en) * 2017-04-19 2017-08-29 无锡史提沃德移动互联网科技有限公司 Standardize multidimensional chain type pre-granted right management system

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7810164B2 (en) * 2004-11-11 2010-10-05 Yamaha Corporation User management method, and computer program having user authorization management function
JP2010092172A (en) * 2008-10-06 2010-04-22 Fujitsu Ltd Security system, program and method
CN103745161B (en) * 2013-12-23 2016-08-24 东软集团股份有限公司 Access method of controlling security and device
CN105763522B (en) * 2014-12-18 2020-02-14 中兴通讯股份有限公司 Authorization processing method and device
CN107800676A (en) * 2016-11-14 2018-03-13 平安科技(深圳)有限公司 A kind of method and apparatus of Service Privileges upgrading
CN106534202A (en) * 2016-12-26 2017-03-22 北京恒华伟业科技股份有限公司 Permission processing method and device
CN108009412A (en) * 2017-12-26 2018-05-08 华勤通讯技术有限公司 Using the authorization method and electronic equipment of item

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant