CN114978760A - Authority management method, device, equipment and storage medium - Google Patents

Publication number
CN114978760A
Authority
CN
China
Prior art keywords
target
role
client
mapping relation
user
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210740532.3A
Other languages
Chinese (zh)
Inventor
余佳敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bank of China Financial Technology Co Ltd
Original Assignee
Bank of China Financial Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Bank of China Financial Technology Co Ltd filed Critical Bank of China Financial Technology Co Ltd
Priority to CN202210740532.3A priority Critical patent/CN114978760A/en
Publication of CN114978760A publication Critical patent/CN114978760A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides a rights management method, apparatus, device and storage medium. The method comprises: after acquiring a user identifier, querying the corresponding role information list, where the role information list comprises a plurality of mapping relations and each mapping relation comprises an organization and the role corresponding to the user identifier in that organization; determining, in the role information list, a target mapping relation containing the target organization to be accessed; querying, according to the role in the target mapping relation, to obtain the target permission information corresponding to the user identifier in the target organization; and writing the target permission information and the target mapping relation into the session object corresponding to the user identifier, so as to support the client in accessing the target organization. Because the role information list of each user is preset, the role of each user in the corresponding organizations can be queried as the user requires, and the permission information matching that role can then be obtained, so that users can switch conveniently between different organizations.

Description

Authority management method, device, equipment and storage medium
Technical Field
The present invention relates to the field of rights management technologies, and in particular, to a method, an apparatus, a device, and a storage medium for rights management.
Background
The existing bank system adopts a uniform user authentication mode to verify teller information. When a cross-institution scenario occurs where a teller needs to log in from one institution to another, existing banking systems require the user (i.e., the teller) to perform user authentication again to allow access to the new institution. Thus, existing banking systems are less efficient at handling transactions involving cross-institutions.
Disclosure of Invention
In view of the above disadvantages of the prior art, the present application provides a method, an apparatus, a device, and a storage medium for rights management, so as to provide a scheme capable of switching between different roles of different organizations conveniently and efficiently, and improve the processing efficiency of cross-organization services.
The first aspect of the present application provides a rights management method, applied to a server, the method including:
receiving a user identifier of a client;
querying a role information list corresponding to the user identifier; the role information list comprises a plurality of mapping relations, and each mapping relation comprises an organization and the role corresponding to the user identifier in that organization;
determining, in the role information list, a target mapping relation containing a target organization to be accessed;
querying, according to the role in the target mapping relation, to obtain target permission information corresponding to the user identifier in the target organization;
and writing the target permission information and the target mapping relation into a session object corresponding to the user identifier, so as to support the client in accessing the target organization.
Optionally, the user identifier is carried by an organization switching request sent by the client;
before the querying the role information list corresponding to the user identifier, the method further includes:
inquiring a session object corresponding to the user identification;
and deleting the historical authority information and the historical mapping relation which are stored in the session object.
Optionally, after the storing the target permission information and the target mapping relationship in the session object corresponding to the user identifier, the method further includes:
sending the menu information corresponding to the target organization to the client so that the client can display the menu interface of the target organization according to the menu information; wherein the menu information is determined according to the target permission information.
Optionally, the determining, in the role information list, a target mapping relationship including a target organization to be accessed includes:
sending the role information list to the client to enable the client to display the role information list;
receiving a mapping relation designation request sent by the client;
and determining the mapping relation specified by the mapping relation specifying request in the role information list as a target mapping relation.
The second aspect of the present application provides a rights management device, applied to a server, the device including:
the receiving unit is used for receiving the user identification of the client;
the query unit is used for querying the role information list corresponding to the user identifier; the role information list comprises a plurality of mapping relations, and each mapping relation comprises an organization and the role corresponding to the user identifier in that organization;
the determining unit is used for determining, in the role information list, a target mapping relation containing a target organization to be accessed;
the query unit is further used for querying, according to the role in the target mapping relation, to obtain target permission information corresponding to the user identifier in the target organization;
and the writing unit is used for writing the target permission information and the target mapping relation into a session object corresponding to the user identifier, so as to support the client in accessing the target organization.
Optionally, the user identifier is carried by an organization switching request sent by the client;
the apparatus further comprises a deletion unit configured to:
inquiring a session object corresponding to the user identification;
and deleting the historical authority information and the historical mapping relation which are stored in the session object.
Optionally, the apparatus further includes a sending unit, configured to:
sending the menu information corresponding to the target organization to the client so that the client can display the menu interface of the target organization according to the menu information; wherein the menu information is determined according to the target permission information.
Optionally, when determining, in the role information list, a target mapping relationship including a target organization to be accessed, the determining unit is specifically configured to:
sending the role information list to the client to enable the client to display the role information list;
receiving a mapping relation designation request sent by the client;
and determining the mapping relation specified by the mapping relation specifying request in the role information list as a target mapping relation.
A third aspect of the present application provides an electronic device comprising a memory and a processor;
the memory is used for storing a computer program;
the processor is configured to execute the computer program, and in particular, is configured to implement the rights management method provided in any one of the first aspects of the present application.
A fourth aspect of the present application provides a computer storage medium for storing a computer program, where the computer program is specifically configured to implement the rights management method provided in any one of the first aspects of the present application when executed.
The application provides a rights management method, apparatus, device and storage medium. The method comprises: after acquiring a user identifier, querying the corresponding role information list, where the role information list comprises a plurality of mapping relations and each mapping relation comprises an organization and the role corresponding to the user identifier in that organization; determining, in the role information list, a target mapping relation containing the target organization to be accessed; querying, according to the role in the target mapping relation, to obtain the target permission information corresponding to the user identifier in the target organization; and writing the target permission information and the target mapping relation into the session object corresponding to the user identifier, so as to support the client in accessing the target organization. Because the role information list of each user is preset, the role of each user in the corresponding organizations can be queried as the user requires, and the permission information matching that role can then be obtained, so that users can switch conveniently between different organizations.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a rights management method according to an embodiment of the present application;
Fig. 2 is a flowchart of another rights management method according to an embodiment of the present application;
Fig. 3 is a flowchart of another rights management method provided in an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a rights management device according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In order to facilitate understanding of the technical solutions of the present invention, some concepts that may be related to the present invention will be described first.
Multiple roles: because a bank has many business lines (such as personal financial services, payment and clearing services, and domestic settlement services), one teller may assume different roles under different business lines; this is referred to herein as multi-role for short.
Cross-institution: because personnel are commonly shared, a teller in a bank may hold roles under different institutions (generally: a website A and a virtual institution B).
Unified user authentication: one user with one set of passwords logs in to different systems through a unified authentication mode (generally, the same authentication system is adopted).
Session object: also known as a session. Web applications follow the HTTP specification, and HTTP is a stateless protocol, so the mainstream technical solution is to use session objects to store information during the session. The session is stored on the server and can keep variables for the duration of the session between the client and the server. With every request, the client sends the server an identifier (denoted Session-id) that uniquely identifies one session on the server, and after authenticating the identifier the server can maintain the session according to the information in the session.
In the method, after a user logs in or actively initiates a multi-role, cross-organization permission switch, a list of <role, organization> pairs (each pair meaning that the user holds one role in one organization) is obtained according to the user's unique identifier; the user selects at the front end which <role, organization> pair to use; the permissions are queried according to the designated role; the client menu is updated and displayed; and once the designation is complete the information is stored in the user session (namely the session).
Referring to fig. 1, an embodiment of the present application provides a rights management method applied to a server, where the method may include:
S101, receiving a user identifier of a client.
The user identifier of the client may be carried in any message (request) sent from the client to the server.
Taking a banking business system as an example, the user in any embodiment of the present application may be a bank teller.
In some embodiments, the method may be applied to an organization-specifying scenario when the client logs in, and in that case the user identifier may be carried in a login request sent by the client to the server. That is, step S101 may be implemented by the server receiving a login request from the client and then reading the carried user identifier from the login request.
In other embodiments, the method may also be applied to an organization switching scenario, that is, after a user has logged in and accessed an organization, the user is switched from the currently accessed organization to another organization, and at this time, the user identifier may be carried in an organization switching request. That is to say, the implementation manner of step S101 may be that the server receives an institution switching request of the client, and then reads the carried user identifier from the institution switching request.
Optionally, when the user identifier is carried by an organization switching request sent by the client, the client has already accessed another organization, and the permission information and mapping relationship corresponding to that organization (that is, the historical permission information and the historical mapping relationship) are stored in the user's session object. In this case, before executing step S102, the method further includes:
inquiring a session object corresponding to the user identification;
and deleting the historical authority information and the historical mapping relation which are stored in the session object.
This has the advantage of reducing the data volume of the user's session object and preventing it from occupying excessive storage resources of the server.
S102, querying a role information list corresponding to the user identifier.
The role information list comprises a plurality of mapping relations, and each mapping relation comprises an organization and the role corresponding to the user identifier in that organization.
As an example, the role information list may be in the form as shown in table 1:
TABLE 1
[Table 1 is an image in the original publication; its contents are described in the following paragraph.]
In table 1, 123456XX is a user identifier, indicating that table 1 shows the role information list corresponding to the user identifier 123456XX. The "organization" column shows each organization that the user can access, and the "role" column shows the role that the user has in the organization in the same row. The role and organization in each row form a mapping relationship; for example, the two mapping relationships in table 1 are "role 1-organization 1" and "role a-organization 2", where the first mapping relationship shows that the user with user identifier 123456XX can access organization 1 and that the user's role in organization 1 is role 1.
Since it stores a plurality of mapping relationships, the role information list may also be referred to as a role-organization mapping table.
Based on the role information list, in S102 the server may use the received user identifier to match one by one against the multiple role information lists that were constructed and stored in advance, so as to obtain the role information list corresponding to the user identifier.
S103, determining, in the role information list, the target mapping relation containing the target organization to be accessed.
In step S103, there are various ways to determine the target mapping relationship.
A first optional mode is that when sending a message (request) carrying a user identifier to a server, a client may send an organization name of a target organization to be accessed (or other information that may uniquely determine the target organization) together, so that the server may find a corresponding target mapping relationship in a role information list according to organization information provided by the client.
With reference to the example in table 1, the client sends an organization name "organization 1" to the server, and the server finds a target mapping relationship "role 1-organization 1" in the role information list shown in table 1 according to the organization name.
In a second alternative, the server presents the role information list to the user, and the user specifies a target mapping relationship among a plurality of mapping relationships included in the role information list.
When determining the target mapping relationship in the second manner, a specific implementation of step S103 may include:
sending the role information list to a client to enable the client to display the role information list;
receiving a mapping relation designation request sent by a client;
and determining the mapping relation specified by the mapping relation specifying request in the role information list as a target mapping relation.
Continuing the example of table 1, the server sends table 1 to the client and the client displays it; the user then clicks the mapping relationship "role 1-organization 1" (specifically, the user may click a certain cell in it), and the client sends the server a mapping relationship specifying request that carries the mapping relationship "role 1-organization 1", so that the server determines "role 1-organization 1" to be the target mapping relationship.
S104, querying, according to the role in the target mapping relation, to obtain target permission information corresponding to the user identifier in the target organization.
Specifically, the server may be provided with a rights information database in which rights information of each organization is stored, and the rights information of each organization is managed in accordance with the corresponding role. Illustratively, the authority information of an organization in the authority information database may be represented by table 2.
TABLE 2
[Table 2 is an image in the original publication: the permission information of one organization, listed by role.]
Based on the permission information database, the specific implementation manner of step S104 may be:
the server firstly searches and obtains a corresponding table for storing the authority information of the target mechanism according to the target mechanism recorded in the target mapping relation, and then inquires and obtains the authority information corresponding to the role in the table according to the role of the user in the target mechanism recorded in the target mapping relation.
With reference to the example of table 2, the server first finds table 2 in the permission information database according to "organization 1", and then finds the corresponding target permission information "rights 1" in table 2 according to "role 1".
The target permission information specifies the permissions that a user with a particular role (i.e., the role in the target mapping relation) has in the target organization, e.g., which functions and data of the target organization the user may access and which functions and data the user may not.
S105, writing the target permission information and the target mapping relation into a session object corresponding to the user identifier, so as to support the client in accessing the target organization.
The session object can be created and stored in the server when the user accesses the system for the first time, the session object will exist all the time during the continuous access of the user, and the session object will be deleted when the user finishes the access.
By writing the target permission information and the target mapping relation into the session object, when the user executes any operation in the target organization, the server can automatically complete identity authentication according to the target permission information and the target mapping relation in the session object, so that the user can process services conveniently and quickly without being aware of it.
Optionally, after the target permission information and the target mapping relationship are stored in the session object corresponding to the user identifier, the method further includes:
sending the menu information corresponding to the target organization to the client so that the client can display the menu interface of the target organization according to the menu information.
Wherein the menu information is determined according to the target permission information.
Since different organizations often have different menus and the menus that can be seen by roles with different permissions in the same organization may also be different, in order to facilitate the user to process services in the target organization, the menu meeting the target permission information in the target organization may be displayed to the user through the client after the writing in step S105 is completed.
The application provides a rights management method, which comprises: after acquiring a user identifier, querying the corresponding role information list, where the role information list comprises a plurality of mapping relations and each mapping relation comprises an organization and the role corresponding to the user identifier in that organization; determining, in the role information list, a target mapping relation containing the target organization to be accessed; querying, according to the role in the target mapping relation, to obtain the target permission information corresponding to the user identifier in the target organization; and writing the target permission information and the target mapping relation into the session object corresponding to the user identifier, so as to support the client in accessing the target organization. Because the role information list of each user is preset, the role of each user in the corresponding organizations can be queried as the user requires, and the permission information matching that role can then be obtained, so that users can switch conveniently between different organizations.
As described above, the rights management method provided in the embodiment of the present application may be applied to an organization-specifying scenario, that is, specifying the organization to be accessed when a user logs in for the first time, or to an organization switching scenario, that is, a user who has logged in and accessed a certain organization switches from the currently accessed organization to another organization. The following describes specific implementations of the method in these two scenarios.
Please refer to fig. 2, which is a flowchart of the rights management method according to an embodiment of the present application when applied to an organization-specifying scenario.
S201, receiving a login request of a client.
Step S201 is equivalent to step S101 in the foregoing embodiment, and for a specific implementation, refer to step S102, which is not described again.
S202, querying the role-organization mapping table according to the user identifier.
Step S202 is equivalent to step S102 in the foregoing embodiment, and for a specific implementation, refer to step S102, which is not described again.
S203, the front end displays the role-organization mapping table.
Specifically, in step S203, the server sends the queried role-organization mapping table to the front end, that is, to the client used by the user, so that the client can display the role-organization mapping table on the display interface.
As described above, the role-organization mapping table of the present embodiment corresponds to the role information list of the previous embodiment.
S204, obtaining the mapping relation specified by the user.
If the user has specified the mapping relationship, step S205 is executed; if the user has not specified the mapping relationship, step S203 continues to be executed and the role-organization mapping table continues to be displayed at the front end.
The user may specify the mapping relationship by clicking on any of the mapping relationships in the role-organization mapping table.
As described above, steps S203 to S204 correspond to step S103 of the foregoing embodiment.
S205, querying the permission information of the user according to the role-organization mapping table.
For a specific implementation of step S205, refer to step S104 in the foregoing embodiment, which is not described herein again.
S206, writing the permission information and the specified mapping relation into the session object of the user.
The rights information written into the session object in step S206 corresponds to the target rights information in the embodiment corresponding to fig. 1, and the specified mapping relationship written into the session object corresponds to the target mapping relationship in the embodiment corresponding to fig. 1.
S207, displaying a menu at the front end for the user to operate.
In step S207, the front end (i.e. the client) may present the menus of the organization according to the authority information of the user in the organization, so that the user may perform the required operations through the menus.
The beneficial effects of this embodiment are the same as those of the embodiment shown in fig. 1, and are not described again.
Please refer to fig. 3, which is a flowchart illustrating a rights management method according to an embodiment of the present application when the method is applied to an organization switching scenario.
S301, receiving an organization switching request of a client.
While the client is accessing one organization, the user may perform an organization-switching operation; in response to that operation, the client sends the server an organization switching request, which requests switching from the currently accessed organization to another organization.
S302, deleting the historical mapping relation and the historical permission information from the session object of the user.
The historical mapping relation and the historical permission information are the mapping relation and permission information corresponding to a previous organization, written by the server when the client accessed that organization.
Illustratively, while the client is accessing organization A, the user needs to switch organizations, so the client sends an organization switching request to the server. At this time the permission information and mapping relationship that the client needs to access organization A still exist in the user's session object, and this permission information and mapping relationship corresponding to organization A are the historical mapping relationship and historical permission information described in step S302.
The advantage of executing step S302 is that unnecessary information in the session object is deleted in time, so that the session object does not occupy too much of the server's storage resources.
The specific implementation of steps S303 to S308 in this embodiment is consistent, in sequence, with steps S202 to S207 in the embodiment corresponding to fig. 2, and is not described again below.
S303, querying the role-organization mapping table according to the user identifier.
S304, the front end displays the role-organization mapping table.
S305, obtaining the mapping relation specified by the user.
If the user has specified the mapping relationship, step S306 is executed; if the user has not specified the mapping relationship, step S304 continues to be executed and the role-organization mapping table continues to be displayed at the front end.
S306, querying the permission information of the user according to the role-organization mapping table.
S307, writing the permission information and the specified mapping relation into the session object of the user.
S308, displaying a menu at the front end for the user to operate.
The beneficial effects of this embodiment are the same as those of the embodiment shown in fig. 1, and are not described again.
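The flows of figs. 1 to 3 (S101 to S105 and S301 to S308), written out as an added Python example; it is not code from the patent or its applicant. The sample tables, the function names and the session-ownership check in `_session_for` are assumptions made for illustration, and unified user authentication is assumed to have succeeded before `login` is called.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample data, not taken from the patent.
# Role information list per user identifier: (organization, role) mapping relations.
ROLE_INFO = {
    "123456XX": [("organization 1", "role 1"), ("organization 2", "role a")],
}
# Permission database: one table per organization, keyed by role.
PERMISSIONS = {
    "organization 1": {"role 1": {"open_account", "query_balance"}},
    "organization 2": {"role a": {"approve_settlement"}},
}
# Menu catalogue: menu item -> permission needed to see it.
MENUS = {
    "organization 1": {"Open account": "open_account",
                       "Balance": "query_balance",
                       "Audit log": "read_audit"},
    "organization 2": {"Approve settlement": "approve_settlement"},
}


class AccessDenied(Exception):
    """The request does not match the server-side state."""


@dataclass
class Session:
    user_id: str
    mapping: Optional[Tuple[str, str]] = None   # target mapping relation
    permissions: frozenset = frozenset()        # target permission information


SESSIONS = {}  # session id -> Session, held on the server only


def _session_for(session_id, user_id):
    # Assumption added here: the user identifier in a request must match the
    # one bound to the session, so a client cannot act on another user's list.
    session = SESSIONS.get(session_id)
    if session is None or session.user_id != user_id:
        raise AccessDenied("session does not belong to this user identifier")
    return session


def login(session_id, user_id):
    """S101-S102: bind an already authenticated user to a session and
    return the role information list for display."""
    if user_id not in ROLE_INFO:
        raise AccessDenied("no role information list for this user identifier")
    SESSIONS[session_id] = Session(user_id)
    return list(ROLE_INFO[user_id])


def designate(session_id, user_id, organization, role):
    """S103-S105 plus the menu step: accept a mapping designation request."""
    session = _session_for(session_id, user_id)
    mapping = (organization, role)
    # The designated mapping must be one of the server-side list entries;
    # a role name paired with the wrong organization is refused.
    if mapping not in ROLE_INFO[user_id]:
        raise AccessDenied("mapping relation is not in the role information list")
    permissions = frozenset(PERMISSIONS[organization][role])      # S104
    session.mapping, session.permissions = mapping, permissions   # S105
    return sorted(item for item, needed in MENUS[organization].items()
                  if needed in permissions)


def switch(session_id, user_id):
    """S301-S303: drop the historical mapping and permissions, then return
    the role information list so the user can designate again."""
    session = _session_for(session_id, user_id)
    session.mapping, session.permissions = None, frozenset()
    return list(ROLE_INFO[user_id])


def authorize(session_id, organization, permission):
    """Per-operation check against what the session object currently holds."""
    session = SESSIONS.get(session_id)
    return (session is not None and session.mapping is not None
            and session.mapping[0] == organization
            and permission in session.permissions)
```

Between `switch` and the next successful `designate`, the session holds no permissions at all, so an operation sent in that window is refused instead of running under the previous organization's role.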
Corresponding to the rights management method provided by the above embodiments, an embodiment of the present application further provides a rights management apparatus applied to a server. Referring to fig. 4, the apparatus includes:
a receiving unit 401, configured to receive a user identifier of a client;
a querying unit 402, configured to query a role information list corresponding to the user identifier.
The role information list comprises a plurality of mapping relations, and each mapping relation comprises a mechanism and the role corresponding to the user identifier in that mechanism.
a determining unit 403, configured to determine, in the role information list, a target mapping relationship including a target mechanism to be accessed.
The querying unit 402 is further configured to query, according to the role in the target mapping relationship, the target permission information corresponding to the user identifier in the target mechanism.
a writing unit 404, configured to write the target permission information and the target mapping relationship into a session object corresponding to the user identifier, so as to support the client in accessing the target mechanism.
Optionally, the user identifier is carried by a mechanism switching request sent by the client.
The apparatus further comprises a deletion unit 405, configured to:
query a session object corresponding to the user identifier;
delete the historical authority information and the historical mapping relation stored in the session object.
Optionally, the apparatus further includes a sending unit 406, configured to:
send the menu information corresponding to the target mechanism to the client, so that the client can display the menu interface of the target mechanism according to the menu information.
The menu information is determined according to the target permission information.
Optionally, when the determining unit 403 determines, in the role information list, a target mapping relationship including a target mechanism to be accessed, it is specifically configured to:
send the role information list to the client so that the client displays the role information list;
receive a mapping relation designation request sent by the client;
determine the mapping relation in the role information list that is specified by the mapping relation designation request as the target mapping relation.
For the rights management apparatus provided in the embodiments of the present application, specific working principles thereof may refer to relevant steps in the rights management method provided in any embodiment of the present application, and details are not described here.
The application provides a rights management apparatus in which the receiving unit 401 acquires a user identifier and the querying unit 402 then queries the corresponding role information list; the role information list comprises a plurality of mapping relations, and each mapping relation comprises a mechanism and the role corresponding to the user identifier in that mechanism; the determining unit 403 determines, in the role information list, a target mapping relationship including a target mechanism to be accessed; the querying unit 402 queries, according to the role in the target mapping relationship, the target authority information corresponding to the user identifier in the target mechanism; the writing unit 404 writes the target authority information and the target mapping relationship into the session object corresponding to the user identifier, so as to support the client in accessing the target mechanism. In this scheme the role information list of each user is preset, so the role of the user in each corresponding mechanism can be queried as the user requires, and the authority information matching that role can then be obtained, which makes it convenient for users to switch among different mechanisms.
Referring to fig. 5, a schematic structural diagram of an electronic device according to an embodiment of the present disclosure is shown, where the electronic device includes a memory 501 and a processor 502.
The memory 501 is used to store computer programs.
The processor 502 is configured to execute a computer program, and is specifically configured to implement the rights management method provided in any embodiment of the present application.
The embodiments of the present application further provide a computer storage medium, which is used to store a computer program, and when the computer program is executed, the computer program is specifically used to implement the rights management method provided in any embodiment of the present application.
Those skilled in the art can make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A method for managing authority, applied to a server, the method comprising the following steps:
receiving a user identifier of a client;
querying a role information list corresponding to the user identifier; the role information list comprises a plurality of mapping relations, and each mapping relation comprises a mechanism and a role corresponding to the user identifier in the mechanism;
determining, in the role information list, a target mapping relation containing a target mechanism to be accessed;
querying, according to the role in the target mapping relation, target authority information corresponding to the user identifier in the target mechanism;
and writing the target authority information and the target mapping relation into a session object corresponding to the user identifier so as to support the client in accessing the target mechanism.
2. The method of claim 1, wherein the user identity is carried by a mechanism switch request sent by the client;
before the querying the role information list corresponding to the user identifier, the method further includes:
inquiring a session object corresponding to the user identification;
and deleting the historical authority information and the historical mapping relation which are stored in the session object.
3. The method according to claim 1, wherein after storing the target permission information and the target mapping relationship in the session object corresponding to the user identifier, further comprising:
sending the menu information corresponding to the target mechanism to the client so that the client can display the menu interface of the target mechanism according to the menu information; wherein the menu information is determined according to the target permission information.
4. The method of claim 1, wherein the determining a target mapping relationship containing a target mechanism to be accessed in the role information list comprises:
sending the role information list to the client to enable the client to display the role information list;
receiving a mapping relation designation request sent by the client;
and determining the mapping relation specified by the mapping relation specifying request in the role information list as a target mapping relation.
5. A rights management apparatus applied to a server, the apparatus comprising:
the receiving unit is used for receiving the user identification of the client;
the query unit is used for querying the role information list corresponding to the user identifier; the role list comprises a plurality of mapping relations, and each mapping relation comprises a mechanism and a role corresponding to the user identifier in the mechanism;
the determining unit is used for determining a target mapping relation containing a target mechanism to be accessed in the role information list;
the query unit is used for querying and obtaining target authority information corresponding to the user identifier in the target mechanism according to the role in the target mapping relation;
and the writing unit is used for writing the target authority information and the target mapping relation into a session object corresponding to the user identifier so as to support the client to access the target mechanism.
6. The apparatus of claim 5, wherein the user identity is carried by a mechanism switch request sent by the client;
the apparatus further comprises a deletion unit configured to:
inquiring a session object corresponding to the user identification;
and deleting the historical authority information and the historical mapping relation which are stored in the session object.
7. The apparatus of claim 5, further comprising a sending unit configured to:
sending the menu information corresponding to the target mechanism to the client so that the client can display the menu interface of the target mechanism according to the menu information; wherein the menu information is determined according to the target permission information.
8. The apparatus according to claim 5, wherein the determining unit, when determining the target mapping relationship including the target mechanism to be accessed in the role information list, is specifically configured to:
sending the role information list to the client to enable the client to display the role information list;
receiving a mapping relation designation request sent by the client;
and determining the mapping relation specified by the mapping relation specifying request in the role information list as a target mapping relation.
9. An electronic device comprising a memory and a processor;
the memory is used for storing a computer program;
the processor is configured to execute the computer program, in particular to implement the rights management method as claimed in any of claims 1 to 4.
10. A computer storage medium storing a computer program which, when executed, is particularly adapted to implement the rights management method as claimed in any one of claims 1 to 4.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210740532.3A CN114978760A (en) 2022-06-28 2022-06-28 Authority management method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114978760A (en) 2022-08-30

Family

ID=82964830

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210740532.3A Pending CN114978760A (en) 2022-06-28 2022-06-28 Authority management method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114978760A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107294925A (en) * 2016-04-01 2017-10-24 腾讯科技(深圳)有限公司 A kind of identity switching method and device
CN111651738A (en) * 2020-04-28 2020-09-11 中国科学院计算机网络信息中心 Fine-grained role authority unified management method based on front-end and back-end separation framework and electronic device
CN113297550A (en) * 2021-06-17 2021-08-24 中国农业银行股份有限公司 Authority control method, device, equipment, storage medium and program product
CN113901496A (en) * 2021-10-12 2022-01-07 中国农业银行股份有限公司 Business processing method, device and equipment based on multi-business system
CN114266021A (en) * 2021-12-20 2022-04-01 中国农业银行股份有限公司 User authority management method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination