CN115952487A - Tenant information configuration system and method under various organizations - Google Patents
- Publication number
- CN115952487A (application CN202310240360.8A)
- Authority
- CN
- China
- Prior art keywords
- user
- information
- tenant
- organization
- role
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
The embodiment of the invention provides a system and a method for configuring tenant information under multiple organizations, belonging to the technical field of computer software back-end servers and management systems. The system comprises: an acquisition module for introducing tenant configuration trigger information; and a service application module for parsing the tenant configuration trigger information to obtain the configuration information of the corresponding tenant. The back end of the service application module is connected to a plurality of sub-management modules, which deploy the configuration information of the corresponding tenant in parallel. The scheme provides a flexible, efficient and secure multi-tenant user authority management system that can rapidly configure organization authorities, and it builds an organization tree and an authority tree according to the organization scope and the authority scope. When user groups and sub-organizations are created, the organization is abstracted as a multi-branch tree, following the tree concept from data structures, for continued management.
Description
Technical Field
The invention relates to the technical field of computer software background servers and management systems, in particular to a tenant information configuration system and a tenant information configuration method under various organizations.
Background
Internet applications and Internet management platform applications are increasingly used in various fields of industrial production. In industrial production, a standardized business application system is commonly deployed under the specific organizational structures of different enterprises. This creates a new requirement for the rights management system: a single rights management system should be able to dock with and manage different organizational structures quickly. Existing rights management systems cannot provide user management and rights management control that can be configured quickly and dynamically for multiple organizational structures and multiple application systems.
In a typical industrial scenario, one set of service applications may be deployed under different organizations, and current user rights management systems do not provide a way to configure and deploy an organization's rights management system quickly and dynamically. As a result, the teams that build and develop different application systems have to redevelop user authority management for each specific system, which costs redundant manpower and material resources. In addition, organizational structures in the industrial field divide authority in finer detail and are more complex than on the Internet. To address the high development difficulty and low configuration speed of existing tenant configuration under multiple organizations, a new scheme for tenant configuration under multiple organizations is needed.
Disclosure of Invention
The invention aims to provide a system and a method for configuring tenant information under multiple organizations, which at least solve the problems of high development difficulty and low configuration speed when the tenant configuration is carried out under multiple organizations.
In order to achieve the above object, a first aspect of the present invention provides a tenant information configuration system under multiple organizations, the system including: an acquisition module for introducing tenant configuration trigger information; and a service application module for parsing the tenant configuration trigger information to obtain the configuration information of the corresponding tenant. The back end of the service application module is connected to a plurality of sub-management modules, which deploy the configuration information of the corresponding tenant in parallel.
Optionally, the tenant configuration trigger information is a configuration file or a pre-written code.
Optionally, the configuration information includes: role type, organizational structure, and permission type. The role types include: user information of the organization corresponding to the current tenant, user group information corresponding to each user, role information corresponding to each user group, and authority information of each role. The organizational structure includes: association table information of users and roles, association table information of users and user groups, association table information of user groups and roles, and association table information of roles and authorities.
Optionally, the service application module includes: the system comprises a permission management module, an organization management module, a user group management module, a role management module and a user management module; the user management module provides an interface for dynamically configuring user information in an organization corresponding to a specific tenant in the user authority management system; the user management module also provides an interface for synchronizing the user information existing in the organization corresponding to the specific tenant to the user authority management system; the organization management module provides an interface for dynamically configuring a specific organization structure in an organization corresponding to a specific tenant in the user authority management system; the user group management module provides an interface for dynamically configuring specific user group information in an organization corresponding to a specific tenant in the user authority management system; the role management module provides an interface for dynamically configuring specific role information in an organization corresponding to a specific tenant in the user role management system; the user authority management system is a target configuration system configured for the tenant.
Optionally, the system further includes: an authority building module for configuring the authority management system of the current tenant; the authority management system is built by integrating the Spring Security framework and the JWT framework.
Optionally, the service application module is further configured to verify the configuration information after obtaining the configuration information of the corresponding tenant, including: checking whether the categories of the current group and of its superior group conform to the category constraint relation between superior and subordinate groups in the multi-organization tree structure; if not, the check fails, otherwise the check succeeds. A group is a node in the organization tree structure corresponding to a specific tenant; the organization tree structure is constructed step by step based on the constraint relationships among the groups.
A second aspect of the present invention provides a method for configuring tenant information in multiple organizations, where the method is implemented based on the above tenant information configuration system in multiple organizations, and includes: introducing tenant configuration trigger information; analyzing the tenant configuration trigger information to obtain various configuration information of the corresponding tenant; and deploying all pieces of configuration information of the corresponding tenants in parallel.
Optionally, the tenant configuration trigger information is a configuration file or a pre-written code.
Optionally, the configuration information includes: role type, organizational structure, and permission type. The role types include: user information of the organization corresponding to the current tenant, user group information corresponding to each user, role information corresponding to each user group, and authority information of each role. The organizational structure includes: association table information of users and roles, association table information of users and user groups, association table information of user groups and roles, and association table information of roles and authorities.
Optionally, before the configuration information of the corresponding tenant is deployed in parallel, the method further includes verifying the configuration information, including: checking whether the categories of the current group and of its superior group conform to the category constraint relation between superior and subordinate groups in the multi-organization tree structure; if not, the check fails, otherwise the check succeeds. A group is a node in the organization tree structure corresponding to a specific tenant; the organization tree structure is constructed step by step based on the constraint relationships among the groups.
Optionally, deploying the configuration information of the corresponding tenant in parallel includes: creating user information; creating organizational structure data and creating an association relationship between each group in the organizational structure and a role, to obtain group roles; creating user group data and creating an association relationship between each user group and a role, to obtain user group roles; creating an association relationship between a user and a group role; creating an association relationship between a user and a user group role; and creating an association relationship between a user and a role.
In another aspect, the present invention provides a computer-readable storage medium, which stores instructions that, when executed on a computer, cause the computer to perform the above-mentioned tenant information configuration method under various organizations.
With the above technical scheme, the service application module parses the trigger information and then calls the corresponding interfaces of the sub-modules, so that the parsed configuration information is configured automatically and in parallel; the tenant data configuration and the authority structure configuration are completed automatically at the same time. The result is a flexible, efficient and secure multi-tenant user authority management system that can rapidly configure organization authorities, with an organization tree and an authority tree built according to the organization scope and the authority scope. When user groups and sub-organizations are created, the organization is abstracted as a multi-branch tree, following the tree concept from data structures, for continued management.
Additional features and advantages of embodiments of the invention will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the embodiments of the invention without limiting the embodiments of the invention. In the drawings:
Fig. 1 is a system architecture diagram of a tenant information configuration system in various organizations according to an embodiment of the present invention;
Fig. 2 is a flowchart illustrating steps of a tenant information configuration method in various organizations according to an embodiment of the present invention.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the preferred embodiment of the invention, are given by way of illustration and explanation only, not limitation.
Internet applications and Internet management platform applications are increasingly used in various fields of industrial production. In industrial production, a standardized business application system is commonly deployed under the specific organizational structures of different enterprises. This creates a new requirement for the rights management system: a single rights management system should be able to dock with and manage different organizations quickly. Conventional rights management systems cannot provide user management and rights management control that can be configured quickly and dynamically for multiple organizations and multiple application systems. In the field of industrial production, there is an urgent need for a user rights management approach that applies to multiple organizations and multiple application systems and that can switch to, and dynamically configure, a specific organization and application system quickly. This would greatly simplify development management for the units that build the systems and greatly benefit the users of the application systems.
In a typical industrial scenario, one set of service applications may be deployed under different organizations, and current user rights management systems do not provide a way to configure and deploy an organization's rights management system quickly and dynamically. As a result, the teams that build and develop different application systems have to redevelop user authority management for each specific system, which costs redundant manpower and material resources. In addition, organizational structures in the industrial field divide authority in finer detail and are more complex than on the Internet.
To address the high development difficulty and low configuration speed of existing tenant configuration under multiple organizations, the invention provides a novel tenant information configuration system under multiple organizations. It provides a flexible, efficient and secure multi-tenant user authority management system that can rapidly configure organization authorities, and it builds an organization tree and an authority tree according to the organization scope and the authority scope. When user groups and sub-organizations are created, the organization is abstracted as a multi-branch tree, following the tree concept from data structures, for continued management.
Fig. 1 is a system configuration diagram of a tenant information configuration system in multiple organizations according to an embodiment of the present invention. As shown in Fig. 1, an embodiment of the present invention provides a tenant information configuration system under multiple organizations, where the system includes: an acquisition module for introducing tenant configuration trigger information; and a service application module for parsing the tenant configuration trigger information to obtain the corresponding configuration information. The back end of the service application module is connected to a plurality of sub-management modules, which deploy the configuration information of the corresponding tenant in parallel.
In the embodiment of the invention, regarding the construction of an authority management system suited to the industrial field: a conventional basic user authority management system cannot provide user management that docks with multiple organizations or multiple application systems, and in particular does not support dynamically configuring user management for multiple organizations or application systems within one user authority management system. Consequently, the construction and development teams of different application systems have to redevelop user authority management for each specific system, at the cost of redundant manpower and material resources.
The scheme of the invention creates and manages the organization tree and the authority tree as multi-branch trees. When a user group or a sub-organization structure is created, the organization is abstracted as a multi-branch tree, following the tree concept from data structures; the nearest common parent node of the different organizations is found, and the user group, the sub-organization structure and the common parent organization are associated.
Preferably, the tenant configuration trigger information is a configuration file or a pre-written code.
In the embodiment of the invention, when a user has a tenant configuration requirement, the user can directly introduce a configuration file or write code in advance. What mainly needs to be written and configured is the information corresponding to the specific role types, organizational structure, authority types and so on. The information to be configured is encoded and integrated into the corresponding configuration information, and trigger information is set according to the triggering requirement; during subsequent configuration, the service application module automatically parses the configuration information based on the trigger information and automatically carries out the subsequent configuration.
Preferably, the configuration information includes: role type, organizational structure, and permission type. The role types include: user information of the organization corresponding to the current tenant, user group information corresponding to each user, role information corresponding to each user group, and authority information of each role. The organizational structure includes: association table information of users and roles, association table information of users and user groups, association table information of user groups and roles, and association table information of roles and authorities.
In the embodiment of the invention, the information that each tenant needs to have configured, such as the specific role types, organizational structure and authority types, is determined by introducing a configuration file, writing code, and so on. The interfaces provided by the user management module, the role management module, the organization management module and the authority management module are called in the service application module to create the tables of the corresponding organization: the user, authority, role and user group tables, and the user and role, user and user group, user group and role, and role and authority association tables. By reading the configuration file and calling these interfaces, the basic data of the specific authority management system is created. The authority information of the organizational structure of the user authority management system is loaded from the configuration file or custom code, the integrity and validity of the configuration information are checked, and the interface in the authority management module is called. The configuration information of the authority types of the user authority management system is loaded from the configuration file or custom code, its integrity and validity are checked, and the basic authority data is created in the database of the authority management module.
Preferably, the service application module includes: the system comprises a permission management module, an organization management module, a user group management module, a role management module and a user management module; the user management module provides an interface for dynamically configuring user information in an organization corresponding to a specific tenant in the user authority management system; the user management module also provides an interface for synchronizing the user information existing in the organization corresponding to the specific tenant into the user authority management system; the organization management module provides an interface for dynamically configuring a specific organization structure in an organization corresponding to a specific tenant in the user authority management system; the user group management module provides an interface for dynamically configuring specific user group information in an organization corresponding to a specific tenant in the user authority management system; the role management module provides an interface for dynamically configuring specific role information in an organization corresponding to a specific tenant in the user role management system; the user authority management system is a target configuration system configured for the tenant.
In the embodiment of the invention, the user management module provides an interface for dynamically configuring the user information fields in the organization corresponding to a specific tenant in the user authority management system. The user management module also provides an interface for synchronizing the user information that already exists in the organization corresponding to the specific tenant into the user authority management system. The user management module further provides basic functions such as registering in the user authority management system and logging in to it with the user account, password and other information obtained at registration. Specifically, an interface in the role management module is called in the service application module, the configuration information of the roles of the user authority management system is loaded from the configuration file or custom code, the integrity and validity of the configuration information are verified, and the user management interface provided by the user management module is called. In addition, in the service management system, after switching between tenants, the user management module also switches to the user information of the corresponding organization.
Preferably, the organization management module provides an organization management interface, that is, an interface for dynamically configuring a specific organizational structure in the organization corresponding to a specific tenant in the user authority management system. Groups in the organization tree structure corresponding to the specific tenant are created and managed through the organization management interface; a group is a node in the tree structure and represents a sub-organization. Specifically, the service application management module loads the organizational tree structure of the user authority management system and the configuration information of the groups in the tree from the configuration file or custom code, checks the integrity and validity of the configuration information, and calls the interface in the organization management module.
Preferably, the user group management module provides a user group management interface, that is, an interface for dynamically configuring a specific user group structure in the organization corresponding to a specific tenant in the user authority management system. When a user group is added, users under different organizations can be selected for it; the nearest common parent organization of the organizations where the selected users are located is found and set as the organization to which the user group belongs. Specifically, the service application management module loads the configuration information of the user groups of the user authority management system from the configuration file or custom code, checks the integrity and validity of the configuration information, and calls the interface in the user group management module.
Preferably, the role management module provides an interface for dynamically configuring a specific role type in the organization corresponding to a specific tenant in the user role management system. The role management module assigns one or more roles to a user or a user group; when member users are added to a user group, they acquire all the roles of that user group. The service application module loads the configuration information of the user authority management system from the configuration file or custom code, checks the integrity and validity of the configuration information, and calls the interface in the user management module.
Preferably, the authority management module provides an interface for dynamically configuring a specific authority type in the organization corresponding to a specific tenant in the user authority management system. Specific authorities and groups in the authority tree structure are created and managed through the authority management interface; here a group is a node in the tree structure, and a node is an authority point within a specific authority. Specifically, the service application module loads the authority information of the organizational structure of the user authority management system from the configuration file or custom code, checks the integrity and validity of the configuration information, and calls the interface in the authority management module.
Preferably, the user management component is introduced into the business application system when the business application system is deployed, by means of plug-in or AOP technology.
Preferably, the system further comprises: an authority building module for configuring the authority management system of the current tenant; the authority management system is built by integrating the Spring Security framework and the JWT framework.
In the embodiment of the invention, a dynamic authority management scheme is implemented by improving the RBAC model and integrating the Spring Security framework and the JWT framework. The scheme can be conveniently integrated into a mainstream Java back-end server, is highly flexible, and greatly reduces the workload of the website administrator. Spring serves as the container of the whole software: it integrates all the frameworks used, implements dependency inversion, and manages the frameworks of the whole software. The Spring Security framework is used to mark website resources, intercept user requests, compute user authorities and decide whether a user may perform a given operation. The JWT framework is used to mark a logged-in user: the user account is encrypted and recorded as a token, the user information is cached, and the token carried by a request is used to verify the validity of the user when the user logs in. Various databases are configured to store user data, role data, authority data, user-role many-to-many data, role-authority many-to-many data and special user authority data, meeting the database requirements of different systems. The front-end pages are written in Vue 2 and provide the web page view files for each service; after a call from the Spring MVC module is received, the Web pages that the user is authorized to access are presented to the user.
In one possible implementation, when a user logs in with a username and password, the username is passed through JwtFilter, JwtAuthenticationService, AuthenticationManager and JwtUserDetailService, in that order. The scheme of the invention defines a custom JwtUserDetailService class. If the request carries a token, the token is taken from the request and its validity is verified; after the verification passes, the token is decoded to obtain the incoming username. If the request carries no token, the incoming username is taken and a database middle-layer method is called to query the database: the user corresponding to the username, the corresponding role set, the corresponding authority set and the corresponding authority name set are queried in turn, finally yielding the authority name set for that username. This set is the set of marker strings on all the controller methods that the user is authorized to access.
Further, the queried username, password and authority name set are returned to the AuthenticationManager of Spring Security. In the authenticate method of the AuthenticationManager, the username and password are verified, and the verification result and the set of authorities owned by the user are packaged into an Authentication object. The AccessDecisionManager then decides, according to the user's Authentication information, whether the user is authorized to access a given controller method. Because a controller method is the entry point of a web page function, this also restricts whether the user may access a given web page or perform a given web page operation, which is how authority control is achieved.
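The token check, authority-name lookup and per-controller decision described above, reduced to a language-neutral sketch in Python. This is an added example, not code from the patent or from Spring Security; the HS256 signing, the claim names, the sample tables and the controller method names are all assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: HS256 with a shared secret; a real deployment loads it from a secret store.
SECRET = b"constructed-demo-key"

# Constructed sample data. Every key carries the tenant, so a role name that
# exists in two tenants can never resolve to the other tenant's authorities.
USER_ROLES = {("tenant-a", "alice"): {"operator"}, ("tenant-b", "bob"): {"operator"}}
USER_GROUPS = {("tenant-a", "alice"): {"line-1-shift"}}
GROUP_ROLES = {("tenant-a", "line-1-shift"): {"maintainer"}}
ROLE_AUTHORITIES = {
    ("tenant-a", "operator"): {"device:read"},
    ("tenant-a", "maintainer"): {"workorder:write"},
    ("tenant-b", "operator"): {"device:read", "device:write"},
}
# Marker string attached to each controller method (hypothetical method names).
CONTROLLER_AUTHORITY = {
    "list_devices": "device:read",
    "write_device": "device:write",
    "close_workorder": "workorder:write",
}


class InvalidToken(Exception):
    """The token is malformed, unsigned, tampered with or expired."""


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input):
    mac = hmac.new(SECRET, signing_input.encode("ascii"), hashlib.sha256)
    return b64url_encode(mac.digest())


def issue_token(username, tenant, ttl=900, now=None):
    now = int(time.time()) if now is None else now
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": username, "tenant": tenant, "exp": now + ttl}
    body = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{body}.{sign(header + '.' + body)}"


def verify_token(token, now=None):
    """Return the claims only if the signature, algorithm and expiry all check out."""
    now = int(time.time()) if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        expected = sign(head_b64 + "." + body_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON, non-ASCII
        raise InvalidToken("malformed token") from exc
    # Pin the algorithm: never let the token choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise InvalidToken("unexpected algorithm")
    if not hmac.compare_digest(expected.encode(), sig_b64.encode()):
        raise InvalidToken("bad signature")
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int):
        raise InvalidToken("missing expiry")
    if claims["exp"] <= now:
        raise InvalidToken("expired")
    if not isinstance(claims.get("sub"), str) or not isinstance(claims.get("tenant"), str):
        raise InvalidToken("missing subject or tenant")
    return claims


def authority_names(tenant, username):
    """user -> direct roles plus user-group roles -> authority name set."""
    roles = set(USER_ROLES.get((tenant, username), set()))
    for group in USER_GROUPS.get((tenant, username), set()):
        roles |= GROUP_ROLES.get((tenant, group), set())  # members inherit group roles
    names = set()
    for role in roles:
        names |= ROLE_AUTHORITIES.get((tenant, role), set())
    return names


def is_allowed(token, controller_method, now=None):
    """Access decision: deny unknown methods, invalid tokens and missing authorities."""
    required = CONTROLLER_AUTHORITY.get(controller_method)
    if required is None:
        return False
    try:
        claims = verify_token(token, now)
    except InvalidToken:
        return False
    return required in authority_names(claims["tenant"], claims["sub"])
```

The tenant identifier travels inside the signed claims, so the lookup tables are always queried with a tenant the server itself vouched for rather than one supplied by the request.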
Preferably, the service application module is further configured to verify the configuration information after obtaining the corresponding configuration information, including: checking whether the categories of the current group and of its superior group conform to the category constraint relation between superior and subordinate groups in the multi-organization tree structure; if not, the check fails, otherwise the check succeeds. A group is a node in the organization tree structure corresponding to a specific tenant; the organization tree is formed step by step based on the constraint relationships among the groups.
In a possible implementation, the organization management module provides an interface for dynamically configuring a specific organizational structure in the organization corresponding to a specific tenant in the user authority management system. Groups in the organization tree structure corresponding to the specific tenant are created and managed through the organization management interface; a group is a node in the tree structure and represents a sub-organization. The interface in the organization management module is called, the organizational tree structure of the user authority management system and the configuration information of the groups in the tree are loaded from the configuration file or custom code, and the integrity and validity of the configuration information are checked. That is, it is checked whether the group categories of the superior group and of the current group conform to the category constraint relation between superior and subordinate groups in the multi-organization tree structure; if not, the parameters are wrong, group initialization fails, and the initialization exits.
Fig. 2 is a flowchart of a method for configuring tenant information under multiple organizations according to an embodiment of the present invention. As shown in fig. 2, an embodiment of the present invention provides a tenant information configuration method under multiple organizations, where the method includes:
Step S10: introducing tenant configuration trigger information.
Specifically, the information that each tenant needs to configure, such as the specific role type, organization structure and authority type, is determined by introducing a configuration file, writing code, or the like. Interfaces provided by the user management module, role management module, organization management module and permission management module in the service application module are called to create the tables of the corresponding organization, such as the user, permission, role and user group tables, the user and role association table, the user and user group association table, and the role and permission association table.
Step S20: analyzing the tenant configuration trigger information to obtain the corresponding configuration information.
Specifically, verifying the configuration information includes: checking whether the categories of the current group and of its superior group conform to the category constraint relationship between superior and subordinate groups of the multi-organization tree structure; if not, the check fails, otherwise the check succeeds. The group is a node in the organization tree structure corresponding to a specific tenant; the organization tree is built level by level based on the constraint relationships among the groups.
After the verification is completed, when a user group is added, users under different organizations can be selected for the user group; the nearest common parent organization of the organizations where the selected users are located is found, and that organization is set as the organization to which the user group belongs. An interface in the user group management module is called to load, from the configuration file or custom code, the configuration information of the organization's user groups in the user authority management system, and to check the integrity and validity of the configuration information. An interface in the user group management module is called.
Step S30: deploying all items of configuration information of the corresponding tenant in parallel.
Specifically, organization structure data is created in a database, and an association relationship between each group of the organization structure and a role is created. User group data is created in the database, and an association relationship between each user group and a role is created. An interface in the user management module is called to load, from the configuration file or custom code, the configuration information of the users of the user authority management system, to check the integrity and validity of the configuration information, and to create the basic user data in the database.
Furthermore, an interface in the user management module is called to load, from the configuration file or custom code, the configuration information of the users and groups of the user authority management system, and the association relationship between users and groups is created. The association relationship between users and group roles is also created.
Furthermore, an interface in the user management module is called to load, from the configuration file or custom code, the configuration information of the users and user groups of the user authority management system, and the association relationship between users and user groups is created. The association relationship between users and user group roles is also created.
Furthermore, an interface in the user management module is called to load, from the configuration file or custom code, the configuration information of the users and roles of the user authority management system, and the association relationship between users and roles is created.
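The following is an added example, not code from the patent or from any implementation of it: a Python sketch of the category check and nearest common parent organization from step S20 and of how the three association routes created in step S30 combine into a user's permission set. The category names, the ALLOWED_CHILD relation, the role and permission names and the sample groups are constructed assumptions; the patent defines none of them, and it does not say whether a member's own organization may be the common parent, which is assumed here.

```python
from dataclasses import dataclass, field

# Assumed category constraint relation: superior category -> categories allowed
# directly beneath it. The patent names no concrete categories; these are made up.
ALLOWED_CHILD = {
    None: {"company"},                       # a tenant's root group
    "company": {"company", "department"},
    "department": {"department", "team"},
    "team": set(),
}

@dataclass
class Group:
    name: str
    category: str
    parent: "Group | None" = None
    roles: set = field(default_factory=set)  # group-role association

def check_group(group):
    """S20 check: the group's category must be allowed under its superior's."""
    superior = group.parent.category if group.parent else None
    return group.category in ALLOWED_CHILD.get(superior, set())

def failed_groups(groups):
    """Names of groups that fail the check; deployment should stop if non-empty."""
    return [g.name for g in groups if not check_group(g)]

def path_from_root(group):
    path = []
    while group is not None:
        path.append(group)
        group = group.parent
    return path[::-1]

def nearest_common_parent(groups):
    """Deepest group lying on every member's root path (a member itself counts)."""
    common = None
    for level in zip(*(path_from_root(g) for g in groups)):
        if any(node is not level[0] for node in level):
            break
        common = level[0]
    return common

def effective_permissions(direct_roles, org_group, user_group_roles, role_perms):
    """S30: union of permissions reached via user-role, group-role and user-group-role."""
    roles = set(direct_roles) | org_group.roles | set(user_group_roles)
    return set().union(*(role_perms.get(r, set()) for r in roles))

# Constructed sample tenant.
HQ = Group("HQ", "company")
PLANT = Group("Plant A", "department", HQ, {"plant_viewer"})
LINE1 = Group("Line 1", "team", PLANT, {"line_operator"})
LINE2 = Group("Line 2", "team", PLANT)
SALES = Group("Sales", "department", HQ)
SHADOW = Group("Shadow Co", "company", LINE1)   # violates the constraint
ROLE_PERMS = {
    "line_operator": {"device:read", "device:control"},
    "plant_viewer": {"report:read"},
    "auditor": {"audit:read"},
}

if __name__ == "__main__":
    print(failed_groups([HQ, PLANT, LINE1, LINE2, SALES, SHADOW]))
    print(nearest_common_parent([LINE1, LINE2]).name)
    print(sorted(effective_permissions({"auditor"}, LINE1, {"plant_viewer"}, ROLE_PERMS)))
```

A role name with no entry in the role and permission table grants nothing, so a dangling association fails closed rather than widening access.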
Embodiments of the present invention also provide a computer-readable storage medium, which stores instructions that, when executed on a computer, cause the computer to execute the above tenant information configuration method under various organizations.
Those skilled in the art will appreciate that all or part of the steps in the method for implementing the above embodiments may be implemented by a program, which is stored in a storage medium and includes several instructions to enable a single chip, a chip, or a processor (processor) to execute all or part of the steps in the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
While the embodiments of the present invention have been described in detail with reference to the accompanying drawings, the embodiments of the present invention are not limited to the details of the above embodiments, and various simple modifications can be made to the technical solution of the embodiments of the present invention within the technical idea of the embodiments of the present invention, and the simple modifications are within the scope of the embodiments of the present invention. It should be noted that the various features described in the above embodiments may be combined in any suitable manner without departing from the scope of the invention. In order to avoid unnecessary repetition, the embodiments of the present invention will not be described separately for the various possible combinations.
In addition, any combination of the various embodiments of the present invention is also possible, and the same should be considered as disclosed in the embodiments of the present invention as long as it does not depart from the spirit of the embodiments of the present invention.
Claims (12)
1. A tenant information configuration system under a plurality of organizations, the system comprising:
the acquisition module is used for introducing tenant configuration trigger information;
the business application module is used for analyzing the tenant configuration trigger information to obtain various configuration information of the corresponding tenant;
the back end of the service application module is connected with a plurality of sub-management modules which are used for deploying all configuration information of corresponding tenants in parallel.
2. The system of claim 1, wherein the tenant configuration trigger is a configuration file or pre-written code.
3. The system of claim 1, wherein the configuration information comprises:
role type, organizational structure, and permission type;
the role types include:
user information of the organization corresponding to the current tenant, user group information corresponding to each user, role information corresponding to each user group and authority information of each role;
the organization structure includes:
association table information of users and roles, association table information of users and user groups, association table information of user groups and roles and association table information of roles and authorities.
4. The system of claim 3, wherein the service application module comprises:
the system comprises a permission management module, an organization management module, a user group management module, a role management module and a user management module;
the user management module provides an interface for dynamically configuring user information in an organization corresponding to a specific tenant in the user authority management system;
the user management module also provides an interface for synchronizing the user information existing in the organization corresponding to the specific tenant into the user authority management system;
the organization management module provides an interface for dynamically configuring a specific organization structure in an organization corresponding to a specific tenant in the user authority management system;
the user group management module provides an interface for dynamically configuring specific user group information in an organization corresponding to a specific tenant in the user authority management system;
the role management module provides an interface for dynamically configuring specific role information in an organization corresponding to a specific tenant in the user role management system; wherein
the user authority management system is a target configuration system configured for the tenant.
5. The system of claim 4, further comprising:
the authority building module is used for configuring an authority management system of the current tenant;
the authority management system is built based on an integrated Spring Security framework and a Jwt framework.
6. The system according to claim 1, wherein the service application module is further configured to perform a configuration information check after obtaining the various configuration information of the corresponding tenant, including:
checking whether the categories of the current group and of its superior group conform to the category constraint relationship between superior and subordinate groups of the multi-organization tree structure; if not, the check fails, otherwise the check succeeds; wherein
the group is a node in an organization tree structure corresponding to a specific tenant;
the organization tree structure is constructed step by step based on the constraint relationship among the groups.
7. A method for configuring tenant information under multiple organizations, implemented based on the tenant information configuration system under multiple organizations of any one of claims 1 to 6, the method comprising:
introducing tenant configuration trigger information;
analyzing the tenant configuration trigger information to obtain various configuration information of the corresponding tenant;
and deploying all pieces of configuration information of the corresponding tenants in parallel.
8. The method of claim 7, wherein the tenant configuration trigger is a configuration file or pre-written code.
9. The method of claim 8, wherein the configuration information comprises:
role type, organization structure and permission type;
the role types include:
user information of the organization corresponding to the current tenant, user group information corresponding to each user, role information corresponding to each user group, and authority information of each role;
the organization structure includes:
association table information of users and roles, association table information of users and user groups, association table information of user groups and roles and association table information of roles and authorities.
10. The method according to claim 9, wherein before the parallel deployment of items of configuration information of corresponding tenants, the method further comprises:
performing the configuration information verification, including:
checking whether the categories of the current group and of its superior group conform to the category constraint relationship between superior and subordinate groups of the multi-organization tree structure; if not, the check fails, otherwise the check succeeds; wherein
the group is a node in an organization tree structure corresponding to a specific tenant;
the organization tree structure is constructed step by step based on the constraint relationship among the groups.
11. The method according to claim 10, wherein the deploying items of configuration information of corresponding tenants in parallel comprises:
creating user information;
creating organization structure data, creating an association relationship between each group in the organization structure and a role, and obtaining a group role;
creating user group data, creating an association relationship between each user group and a role, and obtaining a user group role;
creating an association relationship between a user and the group role;
creating an association relationship between a user and the user group role;
and creating an association relationship between the user and the role.
12. A computer-readable storage medium having instructions stored thereon, which when executed on a computer, cause the computer to perform the method for configuring tenant information under various organizations as claimed in any one of claims 7-11.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310240360.8A CN115952487A (en) | 2023-03-14 | 2023-03-14 | Tenant information configuration system and method under various organizations |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115952487A (en) | 2023-04-11 |
Family
ID=87286338
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310240360.8A Pending CN115952487A (en) | 2023-03-14 | 2023-03-14 | Tenant information configuration system and method under various organizations |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110535851A (en) * | 2019-08-27 | 2019-12-03 | 浪潮云信息技术有限公司 | A kind of customer certification system based on oauth2 agreement |
CN111131301A (en) * | 2019-12-31 | 2020-05-08 | 江苏徐工信息技术股份有限公司 | Unified authentication and authorization scheme |
CN111898149A (en) * | 2020-08-05 | 2020-11-06 | 湖南优美科技发展有限公司 | User management system and method for multiple organizations |
WO2021218328A1 (en) * | 2020-04-28 | 2021-11-04 | 深圳壹账通智能科技有限公司 | Multi-tenant access service implementation method, apparatus and device, and storage medium |
CN114491495A (en) * | 2022-01-24 | 2022-05-13 | 上海脑虎科技有限公司 | Information system authority management device and method |
CN114928460A (en) * | 2022-02-14 | 2022-08-19 | 上海大学 | Multi-tenant application integration framework system based on micro-service architecture |
CN115643093A (en) * | 2022-10-27 | 2023-01-24 | 上海申雪供应链管理有限公司 | Authority management and control method, system, equipment and medium based on organization architecture |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20230411 |