CN110619206A - Operation and maintenance risk control method, system, equipment and computer readable storage medium

Publication number: CN110619206A
Authority: CN (China)
Prior art keywords: user, target, authority, item, risk control
Legal status: Granted (Active)
Application number: CN201910755412.9A
Other languages: Chinese (zh)
Other versions: CN110619206B (en)
Inventors: 钱学广, 薛思源
Current Assignee: Ping An Property and Casualty Insurance Company of China Ltd
Original Assignee: Ping An Property and Casualty Insurance Company of China Ltd
Application filed by Ping An Property and Casualty Insurance Company of China Ltd
Priority to CN201910755412.9A
Publication of CN110619206A
Application granted; publication of CN110619206B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiment of the invention provides an operation and maintenance risk control method, which comprises the following steps: receiving item request information sent by a user through a client, wherein the item request information comprises user information and a requested target item; authenticating the user through a plurality of authority switches according to the item request information; determining whether the user has a target authority corresponding to the target item according to an authentication result; and when the user is determined to have the target authority corresponding to the target item, feeding back item data or service of the target item to the client. According to the embodiment of the invention, the operation and maintenance risks can be controlled through different types of switches, and the risk resistance of the system is improved.

Description

Operation and maintenance risk control method, system, equipment and computer readable storage medium
Technical Field
The embodiment of the invention relates to the field of computer data processing, in particular to an operation and maintenance risk control method, system, computer equipment and computer readable storage medium.
Background
Information Technology (IT) is a generic term for various technologies used primarily to manage and process information, and its applications include computer hardware and software, networking and communications, information security, and the like. It includes both management and technical components. The management components comprise mission, function and information requirements, system configuration and information flow; the technical components include information technology standards, rules, etc. for implementing the management architecture. It is understood that with the advent and development of IT, corresponding IT operation and maintenance has also developed, and is used for monitoring and managing IT facilities, business systems, data circulation and the like.
In particular, monitoring and management of data circulation is becoming more and more important in the work of IT operation and maintenance, and data security is important particularly for data-driven enterprises and institutions. Therefore, how to control the operation and maintenance risk becomes one of the problems to be solved at present.
Disclosure of Invention
In view of the above, embodiments of the present invention provide an operation and maintenance risk control method, system, computer device, and computer readable storage medium to improve operation and maintenance risk control capability.
In order to achieve the above object, an embodiment of the present invention provides an operation and maintenance risk control method, including the following steps:
receiving item request information sent by a user through a client, wherein the item request information comprises user information and a requested target item;
authenticating the user through a plurality of authority switches according to the item request information;
determining whether the user has a target authority corresponding to the target item according to an authentication result;
and when the user is determined to have the target authority corresponding to the target item, feeding back item data or service of the target item to the client.
Preferably, the user information includes a plurality of feature data corresponding to a plurality of features;
the step of authenticating the user through a plurality of authority switches according to the item request information comprises the following steps:
inputting a plurality of feature data corresponding to the plurality of features into a pre-constructed decision tree, and outputting, through the decision tree, the leaf node corresponding to the user in the decision tree;
the decision tree comprises a plurality of non-leaf nodes and a plurality of leaf nodes, each non-leaf node corresponds to one authority switch, and each leaf node is associated with a plurality of authority items.
Preferably, the step of determining whether the user has a target authority corresponding to the target item according to the authentication result includes:
judging whether the target item is among the plurality of authority items associated with the leaf node;
if the target item is among the plurality of authority items associated with the leaf node, determining that the user has the target authority to process the target item;
if the target item is not among the plurality of authority items associated with the leaf node, determining that the user does not have the target authority to process the target item.
Preferably, the user information includes a plurality of feature data corresponding to a plurality of features;
the step of authenticating the user through a plurality of authority switches according to the item request information comprises the following steps:
inputting a plurality of feature data corresponding to the plurality of features into a pre-constructed iterative decision tree model, and outputting a corresponding authority feature combination through the iterative decision tree model;
and inputting the authority feature combination into a classification model, and outputting, through the classification model, a confidence coefficient corresponding to each item.
Preferably, the step of determining whether the user has a target authority corresponding to the target item according to the authentication result includes:
judging whether the target item is in the item set whose confidence coefficient is higher than a preset threshold value;
if the target item is in the item set whose confidence coefficient is higher than the preset threshold value, determining that the user has the target authority to process the target item;
and if the target item is not in the item set whose confidence coefficient is higher than the preset threshold value, determining that the user does not have the target authority to process the target item.
Preferably, the method further comprises the following steps:
and when the user does not have the target authority to process the target item, generating one or more target policies required for the user to acquire the item data or the service.
Preferably, the user information includes: position, level, location, time, device attributes of the device where the client is located, and user login information of the client.
In order to achieve the above object, an embodiment of the present invention further provides an operation and maintenance risk control system, including:
a receiving module, used for receiving item request information sent by a user through a client, wherein the item request information comprises user information and a requested target item;
an authentication module, used for authenticating the user through a plurality of authority switches according to the item request information;
a determining module, used for determining whether the user has a target authority corresponding to the target item according to the authentication result;
and a feedback module, used for feeding back the item data or service of the target item to the client when the user is determined to have the target authority corresponding to the target item.
To achieve the above object, an embodiment of the present invention further provides a computer device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, where the computer program, when executed by the processor, implements the steps of the operation and maintenance risk control method described above.
To achieve the above object, an embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored, where the computer program is executable by at least one processor, so as to cause the at least one processor to execute the steps of the operation and maintenance risk control method described above.
The operation and maintenance risk control method, the operation and maintenance risk control system, the computer equipment and the computer readable storage medium provided by the embodiment of the invention can carry out authentication operation on the user through a plurality of authority switches of different types according to the user information of the user and the requested target items so as to determine whether the user has the target authority for processing the target items; and if so, feeding back the item data or service of the target item to the client. Namely, the operation and maintenance risks can be controlled through different types of switches, and the risk resistance of the system is improved.
Drawings
Fig. 1 is a schematic flow chart of a first embodiment of an operation and maintenance risk control method according to the present invention.
Fig. 2 is another schematic flow chart of an operation and maintenance risk control method according to a first embodiment of the present invention.
Fig. 3 is a schematic flow chart of a second embodiment of the operation and maintenance risk control method according to the present invention.
Fig. 4 is a schematic view of program modules of a third embodiment of the operation and maintenance risk control system according to the present invention.
Fig. 5 is a schematic diagram of a hardware structure of a fourth embodiment of the computer device according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
For enterprise back-end systems, as the service volume increases year by year, servers, clients and the like are continuously updated and upgraded, and the combination of environmental factors tends to become more complex; requirements for client system personalization and environmental adaptability keep increasing; and the external systems accessed are also diverse. Therefore, operation and maintenance risk control becomes more and more complex, and once a problem occurs, the consequences can be very serious. The following embodiments are directed to one or more operation and maintenance risk control schemes or devices.
The following embodiment will exemplarily be described with the computer apparatus 2 as an execution subject.
The computer device 2 is illustratively connected to a client. The client is used for requesting data or services from the computer device 2 according to user requirements. The client may be a personal computer, a tablet computer, or the like. The client can run operating systems such as Microsoft Windows, Linux, Mac OS, Android, iOS and the like.
Example one
Referring to fig. 1, a flowchart illustrating steps of an operation and maintenance risk control method according to a first embodiment of the present invention is shown. It is to be understood that the flow charts in the embodiments of the present method are not intended to limit the order in which the steps are performed. The details are as follows.
Step S100, receiving the item request information sent by the user through the client, wherein the item request information comprises user information and the requested target item.
The user information includes: position, level, location, time, device attributes of the device where the client is located, user login information of the client, and the like.
In an exemplary embodiment, the user may input the item request information through a graphical user interface displayed on the client, and the client is configured with a hardware interface such as a physical keyboard/mouse or a virtual keyboard/mouse. The user may enter the item request information into the graphical user interface through the hardware interface.
Step S102, authenticating the user through a plurality of authority switches according to the item request information.
An authority switch is an authority configuration parameter that sets, for a given user ID, the authority (such as calling, accessing or using) corresponding to each operation or item.
For example, if the authority configuration parameter of operation B for user A is configured as "0", the authority switch of user A for operation B is turned off; if the authority configuration parameter of operation B for user A is configured as "1", the authority switch of user A for operation B is turned on. It will be understood that this simple example merely illustrates the concept of the authority switch, and is not intended to limit the present invention.
Multiple authority switches may be preconfigured, for example:
Configuring one or more authority switches corresponding to the post, such as: a development post may only use a computer to view application system logs, configuration and the like; an operation and maintenance post has authority to operate the application system (restart, modify and the like) through all mobile-terminal channels (short message, WeChat, app and the like).
Configuring one or more authority switches corresponding to the job level, such as: ordinary operation and maintenance staff only have operation authority for level-4 systems, and the operation and maintenance manager has operation authority for systems of all levels.
Configuring one or more authority switches corresponding to time, such as: during the business peak period, 8:00 to 18:00, ordinary staff at the post have no system operation authority and need authorization from the post manager to operate; after 18:00, ordinary staff at the post have system operation authority.
Configuring one or more authority switches corresponding to location, such as: ordinary operation and maintenance staff are located by GPS or similar means, and have system operation authority only within Shenzhen; outside Shenzhen city, authorization must be applied for.
Configuring one or more authority switches corresponding to the working mode, such as: via short message and WeChat, only system configuration and logs can be viewed; via the mobile phone app, the system can only be restarted; via a computer, all operation authorities such as modification, restart and viewing are available.
Configuring one or more authority switches corresponding to the operation type, such as: to view configuration and logs, identity is verified by short message; to restart the system, identity is verified by voice or fingerprint; to modify the system, identity is verified by face recognition.
Configuring one or more authority switches corresponding to the data level, such as: for public data, all employees have viewing authority; for secret data, formal employees have viewing authority and managers have modification authority; for ordinary systems, all employees have operation authority; and for core systems, only qualified staff have operation authority.
The above is only a simple example and does not limit the embodiment of the present invention.
In an exemplary embodiment, the user information includes a plurality of feature data corresponding to a plurality of features. As shown in fig. 2, the step S102 further includes a step S102a: inputting a plurality of feature data corresponding to the plurality of features into a pre-constructed decision tree, and outputting, through the decision tree, the leaf node corresponding to the user in the decision tree. The decision tree comprises a plurality of non-leaf nodes and a plurality of leaf nodes, each non-leaf node corresponds to one authority switch, and each leaf node is associated with a plurality of authority items.
Specifically, as shown in fig. 2, the specific steps of outputting, through the decision tree, the leaf node corresponding to the user may be as follows:
(1) inputting, to a non-leaf node, the feature data of the feature that corresponds to that node's authority switch, and having the non-leaf node assign the user to the next node it designates according to that feature data and the corresponding authority switch;
(2) performing step (1) at the next non-leaf node, and repeating until the user is assigned to one of the plurality of leaf nodes.
Step S104, determining whether the user has the target authority corresponding to the target item according to the authentication result. If yes, go to step S106; otherwise, the process proceeds to step S108.
In an exemplary embodiment, step S104 further includes:
Step S104a, determining whether the target item is among the plurality of authority items associated with the leaf node. If so, go to step S104b; otherwise, go to step S104c.
Step S104b, determining that the user has the target authority to process the target item.
Step S104c, determining that the user does not have the target authority to process the target item.
Step S106, the item data or service of the target item is fed back to the client.
Step S108, generating one or more target policies required for the user to obtain the item data or the service.
For example, a target policy may be: sending the item data or service of the target item to a designated third-party client, so that the third-party client determines whether to send the item data or service to the client.
As another example, a target policy may be: providing guidance to the client according to the authority switch that failed authentication.
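The flow of steps S102a to S108, as an added example that is not code from the patent: each non-leaf node is one authority switch, each leaf holds its authority items, and a denial returns target policies naming the switches that did not pass. The tree, the feature names (`post`, `city`, `hour`, `channel`) and the item names are constructed for illustration, and treating a missing or malformed feature as a closed switch is an assumption of this example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Tuple, Union


@dataclass(frozen=True)
class Leaf:
    """Leaf node: the authority items associated with users routed here."""
    items: FrozenSet[str]


@dataclass(frozen=True)
class Switch:
    """Non-leaf node: one authority switch evaluated on one user feature."""
    name: str
    feature: str
    is_open: Callable[[object], bool]
    on: Union["Switch", Leaf]    # next node when the switch is open
    off: Union["Switch", Leaf]   # next node when the switch is closed


DENY = Leaf(frozenset())
VIEW = Leaf(frozenset({"view_logs", "view_config"}))
FULL = Leaf(frozenset({"view_logs", "view_config", "restart", "modify"}))

# Constructed tree, loosely following the post / location / time / working-mode
# switches listed in the text. An unrecognised post falls through to DENY.
TREE = Switch(
    "post=ops", "post", lambda v: v == "ops",
    on=Switch(
        "location=Shenzhen", "city", lambda v: v == "Shenzhen",
        on=Switch("time=off-peak", "hour", lambda v: not 8 <= v < 18,
                  on=FULL, off=VIEW),
        off=DENY),
    off=Switch(
        "post=development", "post", lambda v: v == "development",
        on=Switch("mode=computer", "channel", lambda v: v == "computer",
                  on=VIEW, off=DENY),
        off=DENY))


def authenticate(root, features: Dict[str, object]) -> Tuple[Leaf, List[Tuple[str, bool]]]:
    """S102a: route the user through the switches; return the leaf and the path."""
    node, path = root, []
    while isinstance(node, Switch):
        value = features.get(node.feature)
        try:
            # Assumption: a missing or malformed feature leaves the switch closed.
            opened = value is not None and bool(node.is_open(value))
        except TypeError:
            opened = False
        path.append((node.name, opened))
        node = node.on if opened else node.off
    return node, path


def decide(root, features: Dict[str, object], target_item: str) -> dict:
    """S104 to S108: allow only if the target item is among the leaf's items."""
    leaf, path = authenticate(root, features)
    if target_item in leaf.items:                      # S104b, then S106
        return {"allowed": True, "path": path, "policies": []}
    # S104c, then S108: build the target policies for the denied request.
    closed = [name for name, opened in path if not opened]
    policies = ["send result to designated third-party client for a decision"]
    policies += [f"authority switch '{name}' did not pass" for name in closed]
    return {"allowed": False, "path": path, "policies": policies}


if __name__ == "__main__":
    # Constructed requests: the same operator outside and inside the peak period.
    for hour in (20, 10):
        user = {"post": "ops", "city": "Shenzhen", "hour": hour}
        print(hour, decide(TREE, user, "restart"))
```

The returned `path` records every switch result, which is the record an audit log of each decision needs.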
In order to make steps S106 and S108 more clearly understood, several practical operations in simple scenarios are listed below:
Scenario 1: outsourced developer A has data acquisition authority for fewer than 50 pieces of data. When outsourced developer A queries data and the data volume of the queried data is less than 50, the query result is fed back to the outsourced developer. If the data volume is more than 50, the query result is fed back to formal employee B, who is in charge of managing outsourced developer A, and employee B decides whether to forward it to the outsourced developer. If the data volume is more than 1000, the system feeds the query result back to manager C, the manager of formal employee B in charge of managing outsourced developer A, and manager C decides whether to forward it to the outsourced developer.
Scenario 2: outsourced developer A applies to query data. For public-level data, the system automatically feeds the query result back to A. For secret-level data, the system feeds the query result back to formal employee B, who is in charge of managing outsourced developer A, and employee B decides whether to forward it to the outsourced developer. For confidential data, the system feeds the query result back to manager C, the manager of formal employee B in charge of managing outsourced developer A, and manager C decides whether to forward it to outsourced developer A.
Scenario 3: outsourced staff only have authority to query public-level data, ordinary employees have authority to view secret-level data, and a group manager has authority to view secret-level data.
Scenario 4: outsourced developer A applies to view system logs and files, and applies for permission using WeChat or e-mail. Operation and maintenance staff use tools such as WeChat, short message or an app, and after the approval is verified by voice, fingerprint, gesture or facial expression, outsourced developer A obtains the permission.
Scenario 5: outsourced developer A calls the customer service line; the customer service system identifies the identity and authority of the employee from the employee's voice; the employee requests by voice a serial restart of application system A; the customer service system intelligently identifies the user's authority, initiates the corresponding approval according to a preset rule, and executes the restart operation after the approval passes.
Scenario 6: a positioning method such as GPS is combined with authority management and control. Outsourced staff have authority to view logs and data using a computer terminal only within 50 meters of the Shenzhen Futian XX financial center. Formal employees have operation and maintenance authority within the Shenzhen urban area. Outside Shenzhen city, there is no related authority, or only a temporary operation authority after specific approval.
Example two
Referring to fig. 3, a flowchart illustrating steps of an operation and maintenance risk control method according to a second embodiment of the present invention is shown. It is to be understood that the flow charts in the embodiments of the present method are not intended to limit the order in which the steps are performed. The details are as follows.
Step S200, receiving the item request information sent by the user through the client, wherein the item request information comprises user information and the requested target item.
The user information includes: position, level, location, time, device attributes of the device where the client is located, user login information of the client, and the like.
In an exemplary embodiment, the user may input the item request information through a graphical user interface displayed on the client, and the client is configured with a hardware interface such as a physical keyboard/mouse or a virtual keyboard/mouse. The user may enter the item request information into the graphical user interface through the hardware interface.
Step S202, according to the item request information, the user is authenticated through a plurality of authority switches.
In an exemplary embodiment, the user information includes a plurality of feature data corresponding to a plurality of features. The step S202 further includes:
Step S202a, inputting a plurality of feature data corresponding to the plurality of features into a pre-constructed iterative decision tree model, and outputting a corresponding authority feature combination through the iterative decision tree model;
Step S202b, inputting the authority feature combination into a classification model, and outputting, through the classification model, a confidence coefficient corresponding to each item.
The iterative decision tree model includes a plurality of trees, each tree including a plurality of non-leaf nodes and a plurality of leaf nodes. Each non-leaf node corresponds to an authority switch.
Step S204, determining whether the user has the target authority corresponding to the target item according to the authentication result. If yes, go to step S206; otherwise, the process proceeds to step S208.
In an exemplary embodiment, step S204 further includes:
Step S204a, determining whether the target item is in the item set whose confidence coefficient is higher than the preset threshold. If so, go to step S204b; otherwise, go to step S204c.
Step S204b, determining that the user has the target authority to process the target item.
Step S204c, determining that the user does not have the target authority to process the target item.
Step S206, feeding back the item data or service of the target item to the client.
Step S208, sending the item data or service of the target item to a designated third-party client, so that the third-party client determines whether to send the item data or service to the client.
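Steps S202a to S208 as an added example, not code from the patent: three constructed one-switch trees stand in for a trained iterative decision tree model, their leaf indices are one-hot encoded as the authority feature combination, and a logistic classifier with hand-set weights outputs a confidence per item. The feature names, item names, weights and the 0.8 threshold are assumptions; an item the classifier does not know is denied.

```python
import math
from typing import Dict, List, Optional, Set, Tuple

# Constructed stand-in for a trained iterative decision tree model: each tree is
# a single authority switch returning a leaf index (0 = closed, 1 = open).
TREES = [
    lambda f: int(f.get("post") == "ops"),
    lambda f: int(f.get("city") == "Shenzhen"),
    lambda f: int(isinstance(f.get("hour"), int) and not 8 <= f["hour"] < 18),
]

# Constructed classifier: item -> (bias, weights over the one-hot leaf vector
# [post closed, post open, city closed, city open, time closed, time open]).
CLASSIFIER = {
    "view_logs": (-1.0, [0.0, 2.0, 0.0, 2.0, 0.0, 0.0]),
    "restart": (-4.0, [0.0, 2.5, 0.0, 2.5, 0.0, 2.5]),
}
THRESHOLD = 0.8  # assumed preset threshold


def authority_feature_combination(features: Dict[str, object]) -> List[float]:
    """S202a: one-hot encode the leaf selected in each tree."""
    vector: List[float] = []
    for tree in TREES:
        leaf = tree(features)
        vector.extend(1.0 if leaf == index else 0.0 for index in (0, 1))
    return vector


def confidences(vector: List[float]) -> Dict[str, float]:
    """S202b: logistic confidence for every item the classifier knows."""
    scores = {}
    for item, (bias, weights) in CLASSIFIER.items():
        logit = bias + sum(w * x for w, x in zip(weights, vector))
        scores[item] = 1.0 / (1.0 + math.exp(-logit))
    return scores


def allowed_items(features: Dict[str, object]) -> Set[str]:
    """S204a: the item set whose confidence is above the threshold."""
    scores = confidences(authority_feature_combination(features))
    return {item for item, score in scores.items() if score > THRESHOLD}


def decide(features: Dict[str, object], target_item: str) -> Tuple[str, Optional[float]]:
    """S204 to S208: feed back to the client, or hand over to a third party."""
    scores = confidences(authority_feature_combination(features))
    score = scores.get(target_item)  # None for an item the classifier lacks
    if score is not None and score > THRESHOLD:
        return "feed_back_to_client", score          # S204b, then S206
    return "send_to_third_party_client", score       # S204c, then S208


if __name__ == "__main__":
    # Constructed request: an operator in Shenzhen during the peak period.
    peak = {"post": "ops", "city": "Shenzhen", "hour": 10}
    print(allowed_items(peak), decide(peak, "restart"))
```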
Example three
Please refer to fig. 4, which shows a program module diagram of a third embodiment of the operation and maintenance risk control system of the present invention. In this embodiment, the operation and maintenance risk control system 20 may include or be divided into one or more program modules, and the one or more program modules are stored in a storage medium and executed by one or more processors to implement the present invention and implement the above-mentioned data manipulation method. The program module referred to in the embodiments of the present invention refers to a series of computer program instruction segments capable of performing specific functions, and is more suitable for describing the execution process of the operation and maintenance risk control system 20 in the storage medium than the program itself. The following description will specifically describe the functions of the program modules of the present embodiment:
The receiving module 200 is configured to receive item request information sent by a user through a client, where the item request information includes user information and a requested target item. In an exemplary embodiment, the user information includes: position, level, location, time, device attributes of the device where the client is located, and user login information of the client.
The authentication module 202 is configured to authenticate the user through a plurality of authority switches according to the item request information.
The determining module 204 is configured to determine, according to an authentication result, whether the user has a target authority corresponding to the target item.
The feedback module 206 is configured to feed back, to the client, the item data or the service of the target item when it is determined that the user has the target authority to process the target item.
In an exemplary embodiment, the user information includes a plurality of feature data corresponding to a plurality of features, and the authentication module 202 is further configured to: input a plurality of feature data corresponding to the plurality of features into a pre-constructed decision tree, and output, through the decision tree, the leaf node corresponding to the user in the decision tree. The decision tree comprises a plurality of non-leaf nodes and a plurality of leaf nodes, each non-leaf node corresponds to one authority switch, and each leaf node is associated with a plurality of authority items. The determining module 204 is further configured to: judge whether the target item is among the plurality of authority items associated with the leaf node; if the target item is among the plurality of authority items associated with the leaf node, determine that the user has the target authority to process the target item; if the target item is not among the plurality of authority items associated with the leaf node, determine that the user does not have the target authority to process the target item.
In an exemplary embodiment, the user information includes a plurality of feature data corresponding to a plurality of features, and the authentication module 202 is further configured to: input a plurality of feature data corresponding to the plurality of features into a pre-constructed iterative decision tree model, and output a corresponding authority feature combination through the iterative decision tree model; and input the authority feature combination into a classification model, and output, through the classification model, a confidence coefficient corresponding to each item. The determining module 204 is further configured to: judge whether the target item is in the item set whose confidence coefficient is higher than a preset threshold value; if the target item is in that item set, determine that the user has the target authority to process the target item; and if the target item is not in that item set, determine that the user does not have the target authority to process the target item.
In an exemplary embodiment, the feedback module 206 is further configured to: when the user does not have the target authority to process the target item, generate one or more target policies required for the user to acquire the item data or the service.
Example four
Fig. 5 is a schematic diagram of a hardware architecture of a computer device according to a fourth embodiment of the present invention. In the present embodiment, the computer device 2 is a device capable of automatically performing numerical calculation and/or information processing in accordance with a preset or stored instruction. The computer device 2 may be a rack server, a blade server, a tower server or a rack server (including an independent server or a server cluster composed of a plurality of servers), and the like. As shown, the computer device 2 includes, but is not limited to, at least a memory 21, a processor 22, a network interface 23, and an operation and maintenance risk control system 20, which may be communicatively coupled to each other via a system bus. Wherein:
In this embodiment, the memory 21 includes at least one type of computer-readable storage medium, including a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, and the like. In some embodiments, the memory 21 may be an internal storage unit of the computer device 2, such as a hard disk or a memory of the computer device 2. In other embodiments, the memory 21 may also be an external storage device of the computer device 2, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash memory card, etc. provided on the computer device 20. Of course, the memory 21 may also comprise both internal and external storage units of the computer device 2. In this embodiment, the memory 21 is generally used to store the operating system and the various application software installed in the computer device 2, such as the program code of the operation and maintenance risk control system 20 in the third embodiment. Further, the memory 21 may also be used to temporarily store various types of data that have been output or are to be output.
In some embodiments, the processor 22 may be a Central Processing Unit (CPU), a controller, a microcontroller, a microprocessor, or another data processing chip. The processor 22 is typically used to control the overall operation of the computer device 2. In this embodiment, the processor 22 is configured to run the program code stored in the memory 21 or to process data, for example, to run the operation and maintenance risk control system 20, so as to implement the operation and maintenance risk control method according to the first embodiment and the second embodiment.
The network interface 23 may comprise a wireless network interface or a wired network interface, and is generally used for establishing a communication connection between the computer device 2 and other electronic apparatuses. For example, the network interface 23 is used to connect the computer device 2 to an external terminal through a network, and to establish a data transmission channel and a communication connection between the computer device 2 and the external terminal. The network may be a wireless or wired network such as an intranet, the Internet, a Global System of Mobile communication (GSM) network, Wideband Code Division Multiple Access (WCDMA), a 4G network, a 5G network, Bluetooth, Wi-Fi, and the like.
It is noted that Fig. 4 only shows the computer device 2 with components 20-23, but it is to be understood that not all of the shown components are required to be implemented, and that more or fewer components may be implemented instead.
In this embodiment, the operation and maintenance risk control system 20 stored in the memory 21 may be further divided into one or more program modules, and the one or more program modules are stored in the memory 21 and executed by one or more processors (in this embodiment, the processor 22) to implement the present invention.
For example, Fig. 4 is a schematic diagram of the program modules of the third embodiment of the operation and maintenance risk control system 20, in which the operation and maintenance risk control system 20 may be divided into a receiving module 200, an authentication module 202, a determining module 204, and a feedback module 206. A program module, as referred to in the present invention, is a series of computer program instruction segments capable of performing a specific function, and is better suited than a program for describing the execution process of the operation and maintenance risk control system 20 in the computer device 2. The specific functions of the program modules 200 and 206 have been described in detail in the third embodiment, and are not described herein again.
Example five
The present embodiment also provides a computer-readable storage medium, such as a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, a server, an application store, etc., on which a computer program is stored; when executed by a processor, the computer program implements the corresponding functions. The computer-readable storage medium of this embodiment is used for storing the operation and maintenance risk control system 20, which, when executed by a processor, implements the operation and maintenance risk control method of the first embodiment or the second embodiment.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. An operation and maintenance risk control method, characterized in that the method comprises:
receiving item request information sent by a user through a client, wherein the item request information comprises user information and a requested target item;
authenticating the user through a plurality of authority switches according to the item request information;
determining whether the user has a target authority corresponding to the target item according to an authentication result;
and when the user is determined to have the target authority corresponding to the target item, feeding back item data or a service of the target item to the client.
2. The operation and maintenance risk control method according to claim 1, wherein the user information includes a plurality of feature data corresponding to a plurality of features;
the step of authenticating the user through a plurality of authority switches according to the item request information comprises the following steps:
inputting the plurality of feature data corresponding to the plurality of features into a pre-constructed decision tree, and outputting, through the decision tree, the leaf node of the decision tree to which the user corresponds;
the decision tree comprises a plurality of non-leaf nodes and a plurality of leaf nodes, each non-leaf node corresponds to one authority switch, and each leaf node is associated with a plurality of authority items.
3. The operation and maintenance risk control method according to claim 2, wherein the step of determining whether the user has a target authority corresponding to the target item according to the authentication result comprises:
judging whether the target item is among the plurality of authority items associated with the leaf node;
if the target item is among the plurality of authority items associated with the leaf node, determining that the user has the target authority to process the target item;
if the target item is not among the plurality of authority items associated with the leaf node, determining that the user does not have the target authority to process the target item.
4. The operation and maintenance risk control method according to claim 1, wherein the user information includes a plurality of feature data corresponding to a plurality of features;
the step of authenticating the user through a plurality of authority switches according to the item request information comprises the following steps:
inputting a plurality of feature data corresponding to the plurality of features into a pre-constructed iterative decision tree model, and outputting a corresponding authority feature combination through the iterative decision tree model;
and inputting the authority feature combination into a classification model, and outputting, through the classification model, a confidence coefficient corresponding to each item.
5. The operation and maintenance risk control method according to claim 4, wherein the step of determining whether the user has the target authority corresponding to the target item according to the authentication result comprises:
judging whether the target item is in the set of items whose confidence coefficient is higher than a preset threshold;
if the target item is in the set of items whose confidence coefficient is higher than the preset threshold, determining that the user has the target authority for processing the target item;
and if the target item is not in the set of items whose confidence coefficient is higher than the preset threshold, determining that the user does not have the target authority for processing the target item.
6. The operation and maintenance risk control method according to any one of claims 1 to 5, further comprising:
when the user does not have the target authority corresponding to the target item, generating one or more target strategies that the user requires in order to acquire the item data or the service.
7. The operation and maintenance risk control method according to any one of claims 1 to 5, wherein the user information comprises: position, level, position, time, device attributes of the device where the client is located, and user login information of the client.
8. An operation and maintenance risk control system, the system comprising:
the receiving module is used for receiving item request information sent by a user through a client, wherein the item request information comprises user information and a requested target item;
the authentication module is used for authenticating the user through a plurality of authority switches according to the item request information;
the determining module is used for determining whether the user has a target authority corresponding to the target item according to the authentication result;
and the feedback module is used for feeding back the item data or service of the target item to the client when the user is determined to have the target authority corresponding to the target item.
9. A computer device having a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the computer program when executed by the processor implements the steps of the operation and maintenance risk control method according to any one of claims 1 to 7.
10. A computer-readable storage medium, having stored thereon a computer program, the computer program being executable by at least one processor to cause the at least one processor to perform the steps of the operation and maintenance risk control method according to any one of claims 1 to 7.
CN201910755412.9A 2019-08-15 2019-08-15 Operation and maintenance risk control method, system, equipment and computer readable storage medium Active CN110619206B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910755412.9A CN110619206B (en) 2019-08-15 2019-08-15 Operation and maintenance risk control method, system, equipment and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN110619206A true CN110619206A (en) 2019-12-27
CN110619206B CN110619206B (en) 2024-04-02

Family

ID=68921922

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910755412.9A Active CN110619206B (en) 2019-08-15 2019-08-15 Operation and maintenance risk control method, system, equipment and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN110619206B (en)

Also Published As

Publication number Publication date
CN110619206B (en) 2024-04-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant