CN111428252B - User authority control method and device - Google Patents

User authority control method and device Download PDF

Info

Publication number
CN111428252B
CN111428252B CN202010205324.4A CN202010205324A CN111428252B CN 111428252 B CN111428252 B CN 111428252B CN 202010205324 A CN202010205324 A CN 202010205324A CN 111428252 B CN111428252 B CN 111428252B
Authority
CN
China
Prior art keywords
user
target
information
authority
application program
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010205324.4A
Other languages
Chinese (zh)
Other versions
CN111428252A (en
Inventor
朱传奇
李涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Apas Digital Cloud Information Technology Co ltd
Original Assignee
Zhengzhou Apas Digital Cloud Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Apas Digital Cloud Information Technology Co ltd filed Critical Zhengzhou Apas Digital Cloud Information Technology Co ltd
Priority to CN202010205324.4A priority Critical patent/CN111428252B/en
Publication of CN111428252A publication Critical patent/CN111428252A/en
Application granted granted Critical
Publication of CN111428252B publication Critical patent/CN111428252B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

One embodiment of the present specification provides a user right control method and device, where the method includes: the method comprises the steps of firstly obtaining authority description information in a code of a target application program, and then generating a first corresponding relation table between user role information and target operation execution authority information according to executable user role information corresponding to target user operation. And finally, after a trigger request of the target user for the target application operation is obtained, judging whether the target user can execute the corresponding operation according to the trigger request, the first corresponding relation table, the second corresponding relation table and the execution condition information corresponding to the target user operation so as to control the authority of the target user. Through this embodiment, can improve the degree of automation who carries out authority control to the user, reduce manual operation, reduce manual work volume and error rate.

Description

User authority control method and device
Technical Field
The present document relates to the technical field of servers, and in particular, to a method and an apparatus for controlling user permissions.
Background
Many applications in current internet technology rely on back-end servers to provide services remotely. In order to ensure data security of the service and avoid information risk, a backend server of many application programs performs authority check and control on a user using the application program.
The user right control method provided by the prior art has the following flows: and the operation and maintenance personnel of the application program manually design the authority management scheme of the user according to the requirement of the application program, and manually input the authority management scheme of the user in the authority management background, wherein the authority management scheme of the user is used for representing the operation which can be executed by each user in the process of using the application program. When the user uses the application program, the authority management background controls the user authority according to the authority management scheme of the user, which is input in advance. Therefore, the user authority control method in the prior art mainly depends on manual operation of operation and maintenance personnel, and has the problems of large workload and high possibility of manual error.
Disclosure of Invention
An embodiment of the present specification aims to provide a user right control method and device, so as to solve the problems that the user right control method in the prior art mainly depends on manual operation, the workload is large, and manual work is prone to error.
To solve the above technical problem, one embodiment of the present specification is implemented as follows:
in a first aspect, an embodiment of the present specification provides a user authority control method, including:
acquiring authority description information recorded in a code of a target application program; the target application program has a plurality of target user operations to be subjected to authority verification, and the authority description information is used for describing executable user role information corresponding to each target user operation and execution condition information corresponding to each target user operation;
generating a first corresponding relation table between user role information and target operation execution authority information according to executable user role information corresponding to each target user operation, wherein the target operation execution authority information is used for representing the target user operation of which the corresponding user role has execution authority;
acquiring a second corresponding relation table between the user role information and the user identification which are established for the target application program:
after a trigger request of a target user for a first user operation in the target application operation is acquired, whether the target user can execute the first user operation is judged according to the trigger request, the first corresponding relation table, the second corresponding relation table and execution condition information corresponding to each target user operation, so that authority control is performed on the target user.
In a second aspect, another embodiment of the present specification provides a user right control device, including:
the first acquisition module is used for acquiring authority description information recorded in a code of a target application program; the target application program has a plurality of target user operations to be subjected to authority verification, and the authority description information is used for describing executable user role information corresponding to each target user operation and execution condition information corresponding to each target user operation;
the first generation module is used for generating a first corresponding relation table between user role information and target operation execution authority information according to executable user role information corresponding to each target user operation, wherein the target operation execution authority information is used for representing the target user operation of which the corresponding user role has execution authority;
the second acquisition module is used for acquiring a second corresponding relation table between the user role information and the user identification which are established for the target application program;
and the operation judgment module is used for judging whether the target user can execute the first user operation according to the trigger request, the first corresponding relation table, the second corresponding relation table and the execution condition information corresponding to each target user operation after the trigger request of the target user for the first user operation in the target application operation is obtained so as to control the authority of the target user.
In a third aspect, a further embodiment of the present specification provides a user authority control device, including: a memory, a processor and computer executable instructions stored on the memory and executable on the processor, the computer executable instructions when executed by the processor implementing the steps of the user entitlement control method as described in the first aspect above.
In a fourth aspect, a further embodiment of the present specification provides a computer-readable storage medium for storing computer-executable instructions which, when executed by a processor, implement the steps of the user right control method according to the first aspect.
In this embodiment, permission description information recorded in a code of a target application program is first obtained, where the permission description information is used to describe executable user role information corresponding to a target user operation to be subjected to permission verification in the target application program and execution condition information corresponding to the target user operation, a first correspondence table between the user role information and the target operation execution permission information is then generated according to the executable user role information corresponding to the target user operation, a second correspondence table between pre-created user role information and a user identifier is then obtained, and finally, after a trigger request of the target user for the target application operation is obtained, whether the target user can execute a corresponding operation is determined according to the trigger request, the first correspondence table, the second correspondence table and the execution condition information corresponding to the target user operation, so as to perform permission control on the target user. Therefore, through the embodiment, the automation degree of authority control of the user can be improved, manual operation is reduced, and the manual workload and the error rate are reduced.
Drawings
In order to more clearly illustrate the technical solutions in one or more embodiments of the present disclosure, the drawings needed to be used in the embodiments or the prior art descriptions will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present disclosure, and for those skilled in the art, other drawings can be obtained according to these drawings without any creative effort.
Fig. 1 is a schematic flowchart of a user right control method according to an embodiment of the present disclosure;
FIG. 2 is a block diagram of a user right control device according to an embodiment of the present disclosure;
fig. 3 is a schematic structural diagram of a user authority control device according to an embodiment of the present specification.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in one or more embodiments of the present disclosure, the technical solutions in one or more embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in one or more embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, and not all embodiments. All other embodiments that can be derived by a person skilled in the art from one or more of the embodiments described herein without making any inventive step shall fall within the scope of protection of this document.
Fig. 1 is a schematic flowchart of a user right control method provided in an embodiment of this specification, where the method may be applied to a background server for performing right management, as shown in fig. 1, the process includes the following steps:
step S102, acquiring authority description information recorded in a code of a target application program; the target application program has a plurality of target user operations to be subjected to authority verification, and the authority description information is used for describing executable user role information corresponding to each target user operation and execution condition information corresponding to each target user operation;
step S104, generating a first corresponding relation table between user role information and target operation execution authority information according to executable user role information corresponding to each target user operation, wherein the target operation execution authority information is used for representing the target user operation of which the corresponding user role has execution authority;
step S106, a second corresponding relation table between the user role information and the user identification which are established for the target application program is obtained;
step S108, after acquiring a trigger request of a target user for a first user operation in the target application operation, judging whether the target user can execute the first user operation according to the trigger request, the first corresponding relation table, the second corresponding relation table and the execution condition information corresponding to each target user operation, so as to perform authority control on the target user.
In this embodiment, permission description information recorded in a code of a target application program is first obtained, where the permission description information is used to describe executable user role information corresponding to a target user operation to be subjected to permission verification in the target application program and execution condition information corresponding to the target user operation, a first correspondence table between the user role information and the target operation execution permission information is then generated according to the executable user role information corresponding to the target user operation, a second correspondence table between pre-created user role information and a user identifier is then obtained, and finally, after a trigger request of the target user for the target application operation is obtained, whether the target user can execute a corresponding operation is determined according to the trigger request, the first correspondence table, the second correspondence table and the execution condition information corresponding to the target user operation, so as to perform permission control on the target user. Therefore, through the embodiment, the automation degree of authority control of the user can be improved, manual operation is reduced, and the manual workload and the error rate are reduced.
In this embodiment, the target application program is an application program operated by a plurality of target users to be subjected to permission verification. For example, the target application is specifically implemented as a commodity management platform, and the commodity management platform has a plurality of target user operations to be subjected to authority verification, where the target user operations may be, for example, a commodity inventory check operation, a commodity addition operation, a commodity deletion operation, and the like. For another example, the target application is specifically implemented as a human management platform, and the human management platform has a plurality of target user operations to be subjected to authority verification, where the target user operations may be, for example, a human add operation, a human wait change operation, a human delete operation, and the like.
In this embodiment, in order to facilitate controlling the user right, a developer may add right description information to a code (for example, a source code) of a target application in advance. The authority description information is used for describing executable user role information corresponding to each target user operation and execution condition information corresponding to each target user operation. Specifically, the developer may add executable user role information and execution condition information corresponding to each target user operation before or after each code representing the target user operation. The executable user role information indicates a user role that allows the target user operation to be performed, and the execution condition information indicates an execution condition that the user role that allows the target user operation to be performed needs to satisfy when performing the operation. The user role may be, for example, "normal user", "advanced user", "administrator", and the like.
When a developer adds authority description information in a code of a target application program, if the code language of the target application program supports a native annotation language, the developer can add the authority description information through the annotation language, and if the code language of the target application program does not support the native annotation language, the developer can add the authority description information in a mode of adding an annotation.
In one example, the authority description information added based on the annotation mode is specifically:
@ Authentication (Auth =1, name = account balance (virtual), js: general user, administrator, super administrator, type = UserID, desc = user only logged on and can only see his balance, error = '/403')
Figure BDA0002419529330000051
In the above example, the annotation name is defined as: @ Authentication
The specific meanings of the parameters in the permission description information are as follows:
auth: validation switch, values such as: 1 for on (default) and 0 for off;
name: a verification name representing a rights name;
js: an authentication role representing a user role that is allowed to perform the operation;
type: the authentication type indicates the requirements to be met by the allowed user role when performing the operation, for example, the UserID indicates that own data must be accessed:
desc: the verification description is used for describing the requirements to be met when the allowed user role executes the operation in detail and is used as reference information for convenient permission allocation after reporting;
error: and error feedback, which represents a feedback mode after the authority verification fails.
The authority description information in the above example indicates that when executing a corresponding class (Public String UserInfo), authority verification is already started, the authority name to be verified is an account balance, only the common user, the administrator and the super administrator are allowed to execute user operations corresponding to the class, when the common user, the administrator and the super administrator execute the user operations corresponding to the class, the common user, the administrator and the super administrator can only check own balance data after logging in, and if the verification fails, the method 403 is entered.
It can be seen that the executable user role information in the rights description information in this example includes "normal user", "administrator", "super administrator", and the execution condition information is: "the logged-in user can and can only view the user's own account balance information".
In step S102, the background server performing rights management acquires rights description information recorded in the code of the target application, specifically:
(a1) After the target application program is started, a code directory of the target application program is obtained based on a reflection technology, the position of the authority description information in the code of the target application program is located according to the code directory, and the authority description information is extracted from the code of the target application program according to the position.
Alternatively, the first and second electrodes may be,
(a2) Before the target application program is started, scanning each line of codes of the target application program through a preset script to position the authority description information in the codes of the target application program, and extracting the authority description information from the codes of the target application program according to the position.
In the case that the code language of the target application program supports the native annotation language, the developer may add the rights description information through the annotation language, and in this step, the rights description information is acquired by using the action (a 1) accordingly. Specifically, the annotation is an annotation mechanism, a class, a method, a variable, a parameter, a package, and the like in a code language of the target application program can be annotated, and in action (a 1), after the user starts the target application program, a code directory of the target application program can be obtained through a reflection technique, positions of all right description information are obtained by querying from the code directory, and the right description information in the code of the target application program is extracted according to the positions.
In the case that the code language of the target application program does not support the native annotation language, the developer may add the rights description information by adding an annotation. In this step, the right description information is acquired by correspondingly adopting the action (a 2). Specifically, in the action (a 2), before the target application is started, a preset script in the background server scans all codes of the target application line by line, so as to determine the position of the authority description information, and the authority description information is extracted from the codes of the target application according to the position.
Of course, the action (a 2) may also occur after the target application is started, for example, after the target application is started, a preset script in the backend server scans all codes of the target application line by line, so as to determine the location of the permission description information, and extract the permission description information from the codes of the target application according to the location. It can be understood that when the developer adds the rights description information through the annotation language, the rights description information can also be extracted in the manner of (a 2) described above.
In one example, after the rights expression information is extracted, the rights expression information is also stored in an array form. Therefore, according to the embodiment, the authority description information can be extracted from the code of the target application program according to the mode of adding the authority description information by the developer, so that the authority description information can be extracted and obtained in different scenes.
In this embodiment, after the permission description information recorded in the code of the target application program is acquired, a corresponding table may be generated based on the executable user role information and the execution condition information recorded in the permission description information. The corresponding table is used for recording the operation name of each target user operation, the allowed user role and the execution condition of the user role. The table can be shown in table 1, for example.
TABLE 1
Figure BDA0002419529330000071
Further, in step S104, a first correspondence table between the user role information and the target operation execution authority information is generated according to the executable user role information corresponding to each target user operation, where the target operation execution authority information is used to indicate the target user operation having the execution authority corresponding to the user role. The method comprises the following steps:
(b1) And determining the target user operation with the execution authority of each user role information according to the executable user role information corresponding to each target user operation.
(b2) And generating target operation execution authority information corresponding to each user role information according to the target user operation with the execution authority of each user role information.
(b3) And generating a first corresponding relation table between the user role information and the target operation execution authority information according to the target operation execution authority information corresponding to each user role information.
Specifically, in the act (b 1), the target user operation having the execution authority of each user role information is determined according to the executable user role information corresponding to the target user operation. For example, in table 1 above, "product inventory check" corresponds to "general user, administrator, super administrator", "product inventory edit" corresponds to "general user, administrator", "product inventory delete" corresponds to "super administrator", it can be determined that the target user with execution authority of "general user" operates as "product inventory check", "target user with execution authority of" administrator "operates as" product inventory check "and" product inventory edit ", and the target user with execution authority of" super administrator "operates as" product inventory check "," product inventory edit ", and" product inventory delete ".
In the operation (b 2), target operation execution authority information corresponding to each user role information is generated based on the target user operation having the execution authority of each user role information. The target operation execution authority information is used for representing the target user operation with the execution authority corresponding to the user role. In the above example, since the target user with the execution authority of the "general user" operates "commodity inventory check", the corresponding target operation execution authority information is generated for the user role information "general user" as "capable of executing commodity inventory check operation", and similarly, the corresponding target operation execution authority information is generated for the user role information "administrator" as "capable of executing commodity inventory check operation and commodity inventory edit operation", and the corresponding target operation execution authority information is generated for the user role information "super administrator" as "capable of executing commodity inventory check operation, commodity inventory edit operation and commodity inventory delete operation".
In the action (b 3), according to each user role and the corresponding target operation execution authority information, the background server generates a first corresponding relation table between the user role information and the target operation execution authority information, and the first corresponding relation table can be stored in a text data form. For example, as shown in table 2 below, the first correspondence table of each functional module of the target application may be merged into the first correspondence table of the target application as the first correspondence table of the product inventory management system module in the product management platform.
TABLE 2
Function(s) Commodity inventory viewing Commodity inventory editing Commodity inventory deletion
General users
Administrator
Super manager
Therefore, according to the embodiment, the first corresponding relation table between the user role information and the target operation execution permission information can be automatically generated based on the permission description information, and the problems of large workload and complicated operation in manually establishing the corresponding relation between the user role and the user permission are solved.
After the first correspondence table is generated, step S106 is also executed. In step S106, a second correspondence table between the user role information and the user identifier created for the target application program is obtained, where the second correspondence table is used to record a correspondence between the user role information and the user identifier. The second mapping relation table is specifically created by the following steps:
(c1) And determining the generation time of each user identifier of the target application program, and determining the priority of each user identifier of the target application program according to the generation time.
(c2) And determining user role information corresponding to each user identifier of the target application program according to the priority to generate a second corresponding relation table between the user role information and the user identifiers.
Specifically, in act (c 1), the generation time of each user identification of the target application is determined. In one illustration, the generation time of the user identifier is the creation time of the user identifier, and generally, the more important the user is, the earlier the user identifier is created. Therefore, in the action (c 1), the priority of each user identifier of the target application program is determined according to the generation time of the user identifier, for example, the earlier the generation time of the user identifier is, the higher the corresponding priority is. The user identification may be a login ID of the user when logging in the target application.
In the act (c 2), corresponding user role information is determined for each user identification information according to the priority level of the user identification, and a second correspondence table between the user role information and the user identification is generated. In an automatic scheme for determining user role information corresponding to a user identifier, priority levels can be divided into multiple categories according to the priority levels of the user identifiers and the number of user roles of a target application program, the number of the categories is equal to the number of the user roles, and therefore the user identifiers corresponding to the same category correspond to the same user role. In an example, assuming that the number of user roles of the target application is three, it may be determined that user role information corresponding to a user identifier with a priority higher than a certain level is highest-level user role information of the target application, such as a super administrator of the target application, user role information corresponding to a user identifier with a priority within a certain level interval is second-level user role information of the target application, such as an administrator of the target application, and user role information corresponding to a user identifier with a priority lower than a certain level is lowest-level user role information of the target application, such as a normal user of the target application. Table 3 is an exemplary table of a second correspondence table between the user id and the user role information.
TABLE 3
User ID User roles
A General users
B Administrator
C Super manager
…… Corresponding role
Therefore, according to the embodiment, the corresponding relation table between the user identifier and the user role information can be automatically generated according to the generation time of the user identifier, and the process of manually establishing the corresponding relation between the user identifier and the user role information is omitted. Of course, in other embodiments, the second correspondence table may also be manually established.
And after the second corresponding relation table is created, executing step S106, and in step S106, after the user starts the target application program, the background server acquires the second corresponding relation table by using a preset script.
In the step S108, determining whether the target user can execute the first user operation according to the trigger request of the user, the first corresponding relationship table, the second corresponding relationship table, and the execution condition information corresponding to each target user operation includes:
(d1) And extracting the user identification of the target user from the trigger request, acquiring the user role information of the target user according to the user identification of the target user and the second corresponding relation table, and acquiring the target operation execution authority information corresponding to the target user according to the user role information of the target user and the first corresponding relation table.
(d2) And if the target operation execution authority information corresponding to the target user indicates that the user role of the target user has the authority of executing the first user operation, extracting the execution condition information corresponding to the first user operation from the execution condition information corresponding to each target user operation.
(d3) And extracting an operation execution parameter from the trigger request, and if the operation execution parameter is matched with the execution condition information corresponding to the first user operation, determining that the target user can execute the first user operation.
Specifically, in the action (d 1), the background server receives a trigger request of the target user for a first user operation in the target application operations, where the trigger request may be sent by an http post method, such as receiving a click request of the target user for a "balance view" button in the target application program. And the background server acquires the user identification of the target user from the trigger request, and searches the user identification of the target user and the corresponding user role information in a second correspondence table acquired in advance. After the user role information of the target user is acquired, the background server searches target operation execution permission information corresponding to the user role information of the target user in a first correspondence table acquired in advance, so that whether the target user has permission to execute the first user operation or not is acquired.
In the action (d 2), after obtaining the target operation execution permission information corresponding to the target user, the background server determines whether the operation execution permission of the target user includes a permission to execute the first user operation, if so, the target user has a permission to execute the first user operation, and obtains the execution condition information corresponding to the first user operation from the execution condition information corresponding to each target operation.
In action (d 3), the background server obtains the operation execution parameter of the target user from the trigger request, where the operation execution parameter may be, for example, a home party of the data to be viewed by the target user, and the like. Then, comparing the operation execution parameter of the target user with the execution condition information corresponding to the first user operation, if the operation execution parameter is matched with the execution condition information corresponding to the first user operation, determining that the target user can execute the first user operation, sending a response message allowing the target user to execute the first user operation to the target application program by the background server, allowing the target user to execute the first user operation after receiving the response message by the target application program, and if the operation execution parameter is not matched with the execution condition information corresponding to the first user operation, sending a corresponding Error message to the target application program by the background server according to the field content of the 'Error' field recorded in the execution condition information corresponding to the first user operation, thereby realizing the authority control aiming at the user. In one example, the matching of the operation execution parameter and the execution condition information corresponding to the first user operation means that the operation execution parameter conforms to the execution condition corresponding to the first user operation.
In an example of this embodiment, after obtaining the permission description information recorded in the code of the target application, the background server performs format conversion on the permission description information according to a data receiving format requirement corresponding to the data receiving process, and sends the information after the format conversion to the data receiving process through the data sending process. And performing format conversion on the received information through a data receiving process according to the data storage format requirement corresponding to the target database, and storing the information after the format conversion in the target database.
Specifically, after the background server acquires the permission description information recorded in the code of the target application program in one of the two schemes described in step S102, the permission description information is converted into a format that is agreed with the data receiving process in advance, where the data receiving process may be located inside the background server or outside the background server. And after the authority description information is converted into the corresponding format, the background server sends the information to the data receiving process through the data sending process. The sending process should comply with security conventions, such as transmitting data in a public network environment, and the data content should be encrypted. The encryption mode may be symmetric encryption or asymmetric encryption, the symmetric encryption usually adopts AES or DES algorithm, and the asymmetric encryption usually adopts public key encryption and private key decryption, which is not limited herein. When the data sending process sends information to the data receiving process, the information can be sent in a http post request mode.
In a specific example, after acquiring the permission description information, the data sending process in the background server generates data in a text form, where the data includes a method or class list to be verified and the permission description information, and includes information of a target application, such as an application name, and a naming mode of the application name should conform to a uniform specification, different applications can be distinguished by names, functions or capabilities of the applications can be known by names, and the data is generally described using english. The nomenclature is typically stored into configuration information or environment variables. The data sending process converts the data into a data content format agreed with the data receiving process in advance. Such as json, the sample format is expressed as follows:
Figure BDA0002419529330000111
Figure BDA0002419529330000121
the information indicates that: in the application user _ system, there are two links that need to be verified, namely, account balance and account balance history, and the verification logic is that the user must have logged in and has the authority of the two verification links, and is to view the own information of the user. The authority name and display information of the verification end are shown in the fields of name and desc.
And after receiving the information, the data receiving process converts the format of the received information according to the data storage format requirement corresponding to the target database, and transmits the authority description information after format conversion to the target database for storage. The target database can be a document type database, and a scheme which is widely and mature in application in the industry, such as MongoDB, couchDB and the like, can be selected. The target database can store authority description information of a plurality of application programs, when the target database stores the authority description information, whether the authority description information is the first authority report of the corresponding application program is judged, if the first authority report is carried out, the information is directly stored through a database interface, and if the reported historical information is not required to be updated or deleted for the first report, new information is stored in the database.
Therefore, when the authority description information is stored in the target database, the authority description information can be reported and stored when the authority description information is newly added, and the authority description information can also be reported and stored when the authority description information is changed, so that the automatic maintenance of the authority when the authority is newly added and updated is realized.
In summary, the method in this embodiment at least has the following technical effects:
(1) The manual operation amount of operators in the user authority control scheme can be reduced, the workload is reduced, the probability of manual errors is reduced, and the development efficiency is improved;
(2) The automation degree of the user authority control scheme can be improved, the structure of a user authority control system is simplified, resources consumed in the early preparation link are reduced, and the stability degree of the running application program is improved;
(3) The problems that operation and maintenance personnel need to readjust and input the authority management scheme and adjust the authority system and the authority management background when the authority is increased and changed, the involvement link is more, the maintenance workload is large, and manual work is prone to error can be solved;
(4) The method can be used for various programming languages, and the native or non-native annotation supporting language can be applied;
(5) The method can be used for designing an authority platform for automatically reporting and verifying the authority and simultaneously supporting the management of a plurality of applications.
FIG. 2 is a block diagram of a user right control device according to an embodiment of the present disclosure; as shown in fig. 2, the apparatus includes:
a first obtaining module 21, configured to obtain permission description information recorded in a code of a target application; the target application program has a plurality of target user operations to be subjected to authority verification, and the authority description information is used for describing executable user role information corresponding to each target user operation and execution condition information corresponding to each target user operation;
a first generating module 22, configured to generate a first correspondence table between user role information and target operation execution permission information according to executable user role information corresponding to each target user operation, where the target operation execution permission information is used to indicate a target user operation for which a corresponding user role has an execution permission;
a second obtaining module 23, configured to obtain a second correspondence table between the user role information and the user identifier that are created for the target application program;
the operation determining module 24 is configured to, after acquiring a trigger request of a target user for a first user operation in the target application operation, determine whether the target user can execute the first user operation according to the trigger request, the first correspondence table, the second correspondence table, and execution condition information corresponding to each target user operation, so as to perform permission control on the target user.
Optionally, the operation determining module 24 is specifically configured to: extracting the user identification of the target user from the trigger request, acquiring the user role information of the target user according to the user identification of the target user and the second corresponding relation table, and acquiring the target operation execution authority information corresponding to the target user according to the user role information of the target user and the first corresponding relation table; if the target operation execution authority information corresponding to the target user indicates that the user role of the target user has the authority of executing the first user operation, extracting the execution condition information corresponding to the first user operation from the execution condition information corresponding to each target user operation; and extracting an operation execution parameter from the trigger request, and if the operation execution parameter is matched with the execution condition information corresponding to the first user operation, determining that the target user can execute the first user operation.
Optionally, the first generating module 22 is specifically configured to: determining the target user operation with execution authority of each user role information according to the executable user role information corresponding to each target user operation; generating target operation execution authority information corresponding to each user role information according to the target user operation with execution authority of each user role information; and generating a first corresponding relation table between the user role information and the target operation execution authority information according to the target operation execution authority information corresponding to each user role information.
Optionally, the apparatus further comprises a second generating module, configured to: determining the generation time of each user identifier of the target application program, and determining the priority of each user identifier of the target application program according to the generation time; and determining user role information corresponding to each user identifier of the target application program according to the priority so as to generate a second corresponding relation table between the user role information and the user identifiers.
Optionally, the first obtaining module 21 is specifically configured to: after the target application program is started, acquiring a code directory of the target application program based on a reflection technology, positioning the position of the authority description information in the code of the target application program according to the code directory, and extracting the authority description information from the code of the target application program according to the position; or scanning each line of codes of the target application program through a preset script before the target application program is started to position the authority description information in the codes of the target application program, and extracting the authority description information from the codes of the target application program according to the position.
Optionally, the apparatus further comprises an information transfer module configured to: after acquiring the authority description information recorded in the code of the target application program, carrying out format conversion on the authority description information according to a data receiving format requirement corresponding to a data receiving process, and sending the information after the format conversion to the data receiving process through a data sending process; and performing format conversion on the received information through the data receiving process according to the data storage format requirement corresponding to the target database, and storing the information after the format conversion in the target database.
In this embodiment, permission description information recorded in a code of a target application program is first obtained, where the permission description information is used to describe executable user role information corresponding to a target user operation to be subjected to permission verification in the target application program and execution condition information corresponding to the target user operation, a first correspondence table between the user role information and the target operation execution permission information is then generated according to the executable user role information corresponding to the target user operation, a second correspondence table between pre-created user role information and a user identifier is then obtained, and finally, after a trigger request of the target user for the target application operation is obtained, whether the target user can execute a corresponding operation is determined according to the trigger request, the first correspondence table, the second correspondence table and the execution condition information corresponding to the target user operation, so as to perform permission control on the target user. Therefore, through the embodiment, the automation degree of authority control of the user can be improved, manual operation is reduced, and the manual workload and the error rate are reduced.
The user right control device provided in an embodiment of the present specification can implement the processes in the foregoing method embodiments, and achieve the same functions and effects, which are not repeated here.
Further, an embodiment of the present specification further provides a user right control device, and fig. 3 is a schematic structural diagram of the user right control device provided in the embodiment of the present specification. As shown in fig. 3, the apparatus includes: memory 301, processor 302, bus 303, and communication interface 304. The memory 301, processor 302, and communication interface 304 communicate via bus 303, and the communication interface 304 may include input and output interfaces including, but not limited to, a keyboard, mouse, display, microphone, and the like.
In fig. 3, the memory 301 stores thereon computer-executable instructions executable on the processor 302, and when executed by the processor 302, the following process is implemented:
acquiring authority description information recorded in a code of a target application program; the target application program has a plurality of target user operations to be subjected to authority verification, and the authority description information is used for describing executable user role information corresponding to each target user operation and execution condition information corresponding to each target user operation;
generating a first corresponding relation table between user role information and target operation execution authority information according to executable user role information corresponding to each target user operation, wherein the target operation execution authority information is used for representing the target user operation of which the corresponding user role has execution authority;
acquiring a second corresponding relation table between the user role information and the user identification which are established for the target application program;
after a trigger request of a target user for a first user operation in the target application operation is acquired, whether the target user can execute the first user operation is judged according to the trigger request, the first corresponding relation table, the second corresponding relation table and execution condition information corresponding to each target user operation, so that authority control is performed on the target user.
Optionally, when the computer-executable instruction is executed by the processor, determining whether the target user can execute the first user operation according to the trigger request, the first corresponding relationship table, the second corresponding relationship table, and the execution condition information corresponding to each target user operation, where the determining includes: extracting the user identification of the target user from the trigger request, acquiring the user role information of the target user according to the user identification of the target user and the second corresponding relation table, and acquiring the target operation execution authority information corresponding to the target user according to the user role information of the target user and the first corresponding relation table; if the target operation execution authority information corresponding to the target user indicates that the user role of the target user has the authority of executing the first user operation, extracting the execution condition information corresponding to the first user operation from the execution condition information corresponding to each target user operation; and extracting an operation execution parameter from the trigger request, and if the operation execution parameter is matched with the execution condition information corresponding to the first user operation, determining that the target user can execute the first user operation.
Optionally, when the computer executable instruction is executed by the processor, according to executable user role information corresponding to each target user operation, a first correspondence table between the user role information and target operation execution permission information is generated, where the first correspondence table includes: determining the target user operation with execution authority of each user role information according to the executable user role information corresponding to each target user operation; generating target operation execution authority information corresponding to each user role information according to the target user operation with execution authority of each user role information; and generating a first corresponding relation table between the user role information and the target operation execution authority information according to the target operation execution authority information corresponding to each user role information.
Optionally, when the computer executable instructions are executed by the processor, the second correspondence table is created by: determining the generation time of each user identifier of the target application program, and determining the priority of each user identifier of the target application program according to the generation time; determining user role information corresponding to each user identifier of the target application program according to the priority so as to generate a second corresponding relation table between the user role information and the user identifiers
Optionally, when executed by the processor, the computer-executable instructions obtain rights expression information recorded in code of a target application program, including: after the target application program is started, acquiring a code directory of the target application program based on a reflection technology, positioning the position of the authority description information in the code of the target application program according to the code directory, and extracting the authority description information from the code of the target application program according to the position; or scanning each line of codes of the target application program through a preset script before the target application program is started to position the authority description information in the codes of the target application program, and extracting the authority description information from the codes of the target application program according to the position.
Optionally, the computer executable instructions, when executed by the processor, further comprise: after acquiring the authority description information recorded in the code of the target application program, carrying out format conversion on the authority description information according to a data receiving format requirement corresponding to a data receiving process, and sending the information after the format conversion to the data receiving process through a data sending process; and performing format conversion on the received information through the data receiving process according to the data storage format requirement corresponding to the target database, and storing the information after the format conversion in the target database.
In this embodiment, permission description information recorded in a code of a target application program is first obtained, where the permission description information is used to describe executable user role information corresponding to a target user operation to be subjected to permission verification in the target application program and execution condition information corresponding to the target user operation, a first correspondence table between the user role information and the target operation execution permission information is then generated according to the executable user role information corresponding to the target user operation, a second correspondence table between pre-created user role information and a user identifier is then obtained, and finally, after a trigger request of the target user for the target application operation is obtained, whether the target user can execute a corresponding operation is determined according to the trigger request, the first correspondence table, the second correspondence table and the execution condition information corresponding to the target user operation, so as to perform permission control on the target user. Therefore, through the embodiment, the automation degree of authority control of the user can be improved, manual operation is reduced, and the manual workload and the error rate are reduced.
The user right control device provided in an embodiment of the present specification can implement the processes in the foregoing method embodiments, and achieve the same functions and effects, which are not repeated here.
Further, another embodiment of the present specification also provides a computer-readable storage medium for storing computer-executable instructions, which when executed by a processor implement the following process:
acquiring authority description information recorded in a code of a target application program; the target application program has a plurality of target user operations to be subjected to authority verification, and the authority description information is used for describing executable user role information corresponding to each target user operation and execution condition information corresponding to each target user operation;
generating a first corresponding relation table between user role information and target operation execution authority information according to executable user role information corresponding to each target user operation, wherein the target operation execution authority information is used for representing the target user operation of which the corresponding user role has execution authority;
acquiring a second corresponding relation table between the user role information and the user identification which are established for the target application program;
after a trigger request of a target user for a first user operation in the target application operation is acquired, whether the target user can execute the first user operation is judged according to the trigger request, the first corresponding relation table, the second corresponding relation table and execution condition information corresponding to each target user operation, so that authority control is performed on the target user.
Optionally, when the computer-executable instruction is executed by a processor, determining whether the target user can execute the first user operation according to the trigger request, the first corresponding relationship table, the second corresponding relationship table, and the execution condition information corresponding to each target user operation, where the determining includes: extracting the user identification of the target user from the trigger request, acquiring the user role information of the target user according to the user identification of the target user and the second corresponding relation table, and acquiring the target operation execution authority information corresponding to the target user according to the user role information of the target user and the first corresponding relation table; if the target operation execution authority information corresponding to the target user indicates that the user role of the target user has the authority of executing the first user operation, extracting the execution condition information corresponding to the first user operation from the execution condition information corresponding to each target user operation; and extracting an operation execution parameter from the trigger request, and if the operation execution parameter is matched with the execution condition information corresponding to the first user operation, determining that the target user can execute the first user operation.
Optionally, when the computer executable instruction is executed by the processor, a first correspondence table between user role information and target operation execution permission information is generated according to executable user role information corresponding to each target user operation, where the first correspondence table includes: determining the target user operation with execution authority of each user role information according to the executable user role information corresponding to each target user operation; generating target operation execution authority information corresponding to each user role information according to the target user operation with execution authority of each user role information; and generating a first corresponding relation table between the user role information and the target operation execution authority information according to the target operation execution authority information corresponding to each user role information.
Optionally, when the computer executable instructions are executed by a processor, the second correspondence table is created by: determining the generation time of each user identifier of the target application program, and determining the priority of each user identifier of the target application program according to the generation time; and determining user role information corresponding to each user identifier of the target application program according to the priority so as to generate a second corresponding relation table between the user role information and the user identifiers.
Optionally, when executed by the processor, the computer-executable instructions obtain rights expression information recorded in the code of the target application program, including: after the target application program is started, acquiring a code directory of the target application program based on a reflection technology, positioning the position of the authority description information in the code of the target application program according to the code directory, and extracting the authority description information from the code of the target application program according to the position; or scanning each line of codes of the target application program through a preset script before the target application program is started to position the authority description information in the codes of the target application program, and extracting the authority description information from the codes of the target application program according to the position.
Optionally, the computer executable instructions, when executed by the processor, further comprise: after acquiring the authority description information recorded in the code of the target application program, carrying out format conversion on the authority description information according to a data receiving format requirement corresponding to a data receiving process, and sending the information after the format conversion to the data receiving process through a data sending process; and performing format conversion on the received information through the data receiving process according to the data storage format requirement corresponding to the target database, and storing the information after the format conversion in the target database.
In this embodiment, permission description information recorded in a code of a target application program is first obtained, where the permission description information is used to describe executable user role information corresponding to a target user operation to be subjected to permission verification in the target application program and execution condition information corresponding to the target user operation, a first correspondence table between the user role information and the target operation execution permission information is then generated according to the executable user role information corresponding to the target user operation, a second correspondence table between pre-created user role information and a user identifier is then obtained, and finally, after a trigger request of the target user for the target application operation is obtained, whether the target user can execute a corresponding operation is determined according to the trigger request, the first correspondence table, the second correspondence table and the execution condition information corresponding to the target user operation, so as to perform permission control on the target user. Therefore, through the embodiment, the automation degree of authority control of the user can be improved, manual operation is reduced, and the manual workload and the error rate are reduced.
The storage medium provided in an embodiment of the present specification can implement the respective processes in the foregoing method embodiments, and achieve the same functions and effects, and will not be repeated here.
The computer-readable storage medium includes a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only an example of the present specification and is not intended to limit the present document. Various modifications and changes may occur to the embodiments described herein, as will be apparent to those skilled in the art. Any modifications, equivalents, improvements, etc. which come within the spirit and principle of the disclosure are intended to be included within the scope of the claims of this document.

Claims (8)

1. A method for controlling user rights, comprising:
acquiring authority description information recorded in a code of a target application program; the target application program has a plurality of target user operations to be subjected to authority verification, and the authority description information is used for describing executable user role information corresponding to each target user operation and execution condition information corresponding to each target user operation;
generating a first corresponding relation table between user role information and target operation execution authority information according to executable user role information corresponding to each target user operation, wherein the target operation execution authority information is used for representing the target user operation of which the corresponding user role has execution authority;
acquiring a second corresponding relation table between the user role information and the user identification which are established for the target application program;
after a trigger request of a target user for a first user operation in the target user operations is acquired, judging whether the target user can execute the first user operation according to the trigger request, the first corresponding relation table, the second corresponding relation table and execution condition information corresponding to each target user operation so as to perform authority control on the target user;
judging whether the target user can execute the first user operation according to the trigger request, the first corresponding relation table, the second corresponding relation table and the execution condition information corresponding to each target user operation, wherein the judging step comprises the following steps:
extracting the user identification of the target user from the trigger request, acquiring the user role information of the target user according to the user identification of the target user and the second corresponding relation table, and acquiring the target operation execution authority information corresponding to the target user according to the user role information of the target user and the first corresponding relation table;
if the target operation execution authority information corresponding to the target user indicates that the user role of the target user has the authority of executing the first user operation, extracting the execution condition information corresponding to the first user operation from the execution condition information corresponding to each target user operation;
extracting an operation execution parameter from the trigger request, and if the operation execution parameter is matched with execution condition information corresponding to the first user operation, determining that the target user can execute the first user operation;
the second correspondence table is created by:
determining the generation time of each user identifier of the target application program, and determining the priority of each user identifier of the target application program according to the generation time;
and determining user role information corresponding to each user identifier of the target application program according to the priority so as to generate a second corresponding relation table between the user role information and the user identifiers.
2. The method of claim 1, wherein generating a first mapping table between user role information and target operation execution permission information according to executable user role information corresponding to each target user operation comprises:
determining the target user operation with execution authority of each user role information according to the executable user role information corresponding to each target user operation;
generating target operation execution authority information corresponding to each user role information according to the target user operation with execution authority of each user role information;
and generating a first corresponding relation table between the user role information and the target operation execution authority information according to the target operation execution authority information corresponding to each user role information.
3. The method of claim 1, wherein obtaining rights expression information recorded in the code of the target application comprises:
after the target application program is started, acquiring a code directory of the target application program based on a reflection technology, positioning the position of the authority description information in the code of the target application program according to the code directory, and extracting the authority description information from the code of the target application program according to the position;
alternatively, the first and second electrodes may be,
before the target application program is started, scanning each line of codes of the target application program through a preset script to position the authority description information in the codes of the target application program, and extracting the authority description information from the codes of the target application program according to the position.
4. The method according to any one of claims 1-3, further comprising:
after acquiring the authority description information recorded in the code of the target application program, carrying out format conversion on the authority description information according to a data receiving format requirement corresponding to a data receiving process, and sending the information after the format conversion to the data receiving process through a data sending process;
and performing format conversion on the received information through the data receiving process according to the data storage format requirement corresponding to the target database, and storing the information after the format conversion in the target database.
5. A user right control apparatus, comprising:
the first acquisition module is used for acquiring the authority description information recorded in the code of the target application program; the target application program has a plurality of target user operations to be subjected to authority verification, and the authority description information is used for describing executable user role information corresponding to each target user operation and execution condition information corresponding to each target user operation;
the first generation module is used for generating a first corresponding relation table between user role information and target operation execution authority information according to executable user role information corresponding to each target user operation, wherein the target operation execution authority information is used for representing the target user operation of which the corresponding user role has execution authority;
the second acquisition module is used for acquiring a second corresponding relation table between the user role information and the user identification which are established for the target application program;
an operation judgment module, configured to, after a trigger request of a target user for a first user operation in the target user operations is acquired, judge whether the target user can execute the first user operation according to the trigger request, the first correspondence table, the second correspondence table, and execution condition information corresponding to each target user operation, so as to perform permission control on the target user;
the operation judgment module is specifically configured to:
extracting the user identification of the target user from the trigger request, acquiring the user role information of the target user according to the user identification of the target user and the second corresponding relation table, and acquiring the target operation execution authority information corresponding to the target user according to the user role information of the target user and the first corresponding relation table;
if the target operation execution authority information corresponding to the target user indicates that the user role of the target user has the authority of executing the first user operation, extracting the execution condition information corresponding to the first user operation from the execution condition information corresponding to each target user operation;
extracting an operation execution parameter from the trigger request, and if the operation execution parameter is matched with execution condition information corresponding to the first user operation, determining that the target user can execute the first user operation;
a second generation module to:
determining the generation time of each user identifier of the target application program, and determining the priority of each user identifier of the target application program according to the generation time;
and determining user role information corresponding to each user identifier of the target application program according to the priority so as to generate a second corresponding relation table between the user role information and the user identifiers.
6. The apparatus according to claim 5, wherein the first generating module is specifically configured to:
determining the target user operation with execution authority of each user role information according to the executable user role information corresponding to each target user operation;
generating target operation execution authority information corresponding to each user role information according to the target user operation with execution authority of each user role information;
and generating a first corresponding relation table between the user role information and the target operation execution authority information according to the target operation execution authority information corresponding to each user role information.
7. The apparatus of claim 5, wherein the first obtaining module is specifically configured to:
after the target application program is started, acquiring a code directory of the target application program based on a reflection technology, positioning the position of the authority description information in the code of the target application program according to the code directory, and extracting the authority description information from the code of the target application program according to the position;
alternatively, the first and second electrodes may be,
before the target application program is started, scanning each line of codes of the target application program through a preset script to position the authority description information in the codes of the target application program, and extracting the authority description information from the codes of the target application program according to the position.
8. The apparatus according to any one of claims 5 to 7, wherein the apparatus further comprises an information transfer module configured to:
after acquiring the authority description information recorded in the code of the target application program, carrying out format conversion on the authority description information according to a data receiving format requirement corresponding to a data receiving process, and sending the information after the format conversion to the data receiving process through a data sending process;
and performing format conversion on the received information through the data receiving process according to the data storage format requirement corresponding to the target database, and storing the information after the format conversion in the target database.
CN202010205324.4A 2020-03-20 2020-03-20 User authority control method and device Active CN111428252B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010205324.4A CN111428252B (en) 2020-03-20 2020-03-20 User authority control method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010205324.4A CN111428252B (en) 2020-03-20 2020-03-20 User authority control method and device

Publications (2)

Publication Number Publication Date
CN111428252A CN111428252A (en) 2020-07-17
CN111428252B true CN111428252B (en) 2023-03-21

Family

ID=71548477

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010205324.4A Active CN111428252B (en) 2020-03-20 2020-03-20 User authority control method and device

Country Status (1)

Country Link
CN (1) CN111428252B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112487830A (en) * 2020-11-09 2021-03-12 文思海辉智科科技有限公司 Translation memory library operation execution method and device, computer equipment and storage medium
CN112905970A (en) * 2021-03-24 2021-06-04 北京房江湖科技有限公司 Authority verification method and device, computer readable storage medium and electronic equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108090734A (en) * 2017-12-12 2018-05-29 深圳市买买提信息科技有限公司 User role matching process and device
CN108885735A (en) * 2016-03-28 2018-11-23 开利公司 Cold chain distribution data priority determines
CN109446833A (en) * 2018-09-17 2019-03-08 深圳点猫科技有限公司 A kind of authorization check method and electronic equipment based on educational system
CN109598117A (en) * 2018-10-24 2019-04-09 平安科技(深圳)有限公司 Right management method, device, electronic equipment and storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104090770A (en) * 2014-07-22 2014-10-08 中国地质大学(北京) Method based on function of user right configuration system in software development
US9811791B2 (en) * 2014-12-23 2017-11-07 Sap Se Personalized work planning based on self-optimizing role-based crowd-sourced information
CN106790001B (en) * 2016-12-12 2021-01-15 中电科华云信息技术有限公司 Unified interface-based multi-system role authority management method and system
CN110245499B (en) * 2019-05-08 2023-02-28 深圳丝路天地电子商务有限公司 Web application authority management method and system
CN110727929B (en) * 2019-10-12 2021-07-30 北京明略软件系统有限公司 AOP-based line-level authority control method, device and client

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108885735A (en) * 2016-03-28 2018-11-23 开利公司 Cold chain distribution data priority determines
CN108090734A (en) * 2017-12-12 2018-05-29 深圳市买买提信息科技有限公司 User role matching process and device
CN109446833A (en) * 2018-09-17 2019-03-08 深圳点猫科技有限公司 A kind of authorization check method and electronic equipment based on educational system
CN109598117A (en) * 2018-10-24 2019-04-09 平安科技(深圳)有限公司 Right management method, device, electronic equipment and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李佳 ; 徐向阳 ; .角色管理自动化的访问控制.2007,(第05期),全文. *

Also Published As

Publication number Publication date
CN111428252A (en) 2020-07-17

Similar Documents

Publication Publication Date Title
US9349023B2 (en) Database encryption system, method, and program
US11442691B2 (en) Database systems and methods for conversation-driven dynamic updates
EA007778B1 (en) Application generator
CN111428252B (en) User authority control method and device
CN108011767B (en) Non-invasive configurable operation and maintenance system
US20130232470A1 (en) Launching an application stack on a cloud platform environment
JP2023530802A (en) Cluster access method, cluster access device, electronic device, computer-readable storage medium and computer program
KR101977624B1 (en) Method and apparatus for providing authentication information on a web page
KR102295593B1 (en) Automatically generating certification documents
US10103948B1 (en) Computing devices for sending and receiving configuration information
CN112583815B (en) Operation instruction management method and device
CN111177776A (en) Multi-tenant data isolation method and system
CN115412269A (en) Service processing method, device, server and storage medium
CN111191200B (en) Three-party linkage authentication page display method and device and electronic equipment
WO2021135257A1 (en) Vulnerability processing method and related device
CN113645226A (en) Data processing method, device, equipment and storage medium based on gateway layer
US20230085367A1 (en) Authorization processing method, electronic device, and non-transitory computer-readable storage medium
US10735399B2 (en) System, service providing apparatus, control method for system, and storage medium
CN108737350B (en) Information processing method and client
US20050228982A1 (en) Data communication system control method, data communication system, and information processing apparatus
CN115145973A (en) Data operation method, program product, storage medium and electronic device
CN114969045A (en) Account creating method, Internet of things multi-tenant system, equipment, program and medium
JP2018041188A (en) Address management device, data management system and program
US20190386897A1 (en) System to generate cloud resource diagrams
CN113127821A (en) Identity authentication method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant