CN102647296B - Business registering method based on authorization setting - Google Patents
Business registering method based on authorization setting Download PDFInfo
- Publication number
- CN102647296B CN102647296B CN201210097316.8A CN201210097316A CN102647296B CN 102647296 B CN102647296 B CN 102647296B CN 201210097316 A CN201210097316 A CN 201210097316A CN 102647296 B CN102647296 B CN 102647296B
- Authority
- CN
- China
- Prior art keywords
- user
- service
- application
- database
- registration
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Abstract
The invention provides a business registering method based on authorization setting. The business registering method is implemented by running a business server. The same personnel is prevented from registering a business user repeatedly by checking a registered user ID (Identity) and real identity information included in registration application information after registration application information submitted by a client is received, and a corresponding privilege level of a newly-registered business user ID can be determined and a corresponding privilege can be set according to a superior user ID in the registration application information, so that the automation capability of the business server on setting of a business user privilege is increased, the workload of privilege managing technical personnel is lowered, unfavorable influences of low working efficiency of privilege managing technical personnel, manual errors and the like on the processing efficiency and normal running of an entire business are avoided, and the overall processing efficiency and managing level of a service business are increased.
Description
Technical field
The present invention relates to internet technique and service service technique, particularly a kind of service log-on method arranging based on authority.
Background technology
Along with the development of internet technique and service server technology, the service business in internet emerges in an endless stream, and people's work, life have all brought increasing facility; Particularly cloud computing service server technology obtains paying attention to more and more widely and wideling popularize, and the business service kind that can obtain by internet following people also will be more and more abundanter.In the service business providing by internet, conventionally need to limit by the authority of different rights grade is set different business user's the business function scope of application, to be convenient to service management.At present, for some public service business general, that management expectancy is not high, such as instant messaging business (as MSN, QQ business etc.), information issuing service (as forum, microblogging etc.), consumption online account business (such as Web bank, online shopping mall etc.) etc., conventionally be all as service-user distributes, authority to be set by least privilege grade in the time that service-user is successfully registered, then promote step by step the Permission Levels of service-user with certain grade of service growth rule.But, there are specific transactions service range or management expectancy compared with for high service business for some, the enterprise's cloud service business that enterprise information/management operation is provided for example designing for enterprise specially, or between service-user, relate to some public service business of the superior and the subordinate's regulatory requirement etc., in this class business, the requirement of service-user rights management is often needed and practical work, administrative relationships in transaction environment between related personnel are corresponding, therefore can not adopt above-mentioned simple authority Lookup protocol to be treated to each service-user in business authority is set, conventionally can only rely on special rights management techniques personnel according to management expectancy, the authority of each service-user in business manually to be arranged, therefore in the case of the related service-user One's name is legion of business, in business, rights management techniques personnel's workload will sharply increase, task is heavy, working strength is large, and the inefficiency of authority is manually set, easily make mistakes, to the treatment effeciency of whole business, normal operation all may cause adverse effect.
Summary of the invention
For above shortcomings in prior art, the object of the present invention is to provide a kind of service log-on method arranging based on authority, with for the above-mentioned service business higher to management expectancy, improve its service-user authority automatic capability is set, alleviate rights management techniques personnel workload, thereby help overall treatment efficiency and the managerial skills of raising business.
For achieving the above object, the present invention has adopted following technological means:
A kind of service log-on method, is carried out by service server operation; Described service server data are connected with Permission Levels database, true identity information database and registered user's database; Described Permission Levels data-base recording has authority corresponding to each Permission Levels in business; Described true identity information database records citizen's true identity information; Described registered user's database is for recording the service-user ID and corresponding true identity information and the authority of service-user ID that complete registration; The method comprises the steps:
1) receive the registration request that client sends, judge what whether this registration request sent for the login link of issuing by service-user ID; If so, perform step 2); Otherwise execution step 4);
2) send for typing and submit to the application for registration information of application for registration information to submit window to described client, described application for registration information submits to window to comprise registered user ID, true identity information and upper level user ID for the application for registration information of typing, and initiatively the service-user ID that issues described login link is submitted in window as upper level user ID typing application for registration information; Then wait for described client submission application for registration information; In the time receiving the application for registration information of described client submission, execution step 3);
3) the application for registration information receiving is verified; If the registered user ID that does not include registered user ID in this application for registration information or comprise has been recorded in registered user's database, sends the prompting message of typing user ID again to described client, and return to step 2); If the true identity information that does not include true identity information in this application for registration information or comprise has been recorded in registered user's database without the record matching or the true identity information comprising in true identity information database, send the prompting message of the information of typing true identity again to described client, and return to step 2); Otherwise, execution step 8);
4) send for typing and submit to the application for registration information of application for registration information to submit window to described client, described application for registration information submits to window to comprise registered user ID, true identity information and the upper level user ID of request registration for the application for registration information of typing; Then wait for described client submission application for registration information; In the time receiving the application for registration information of described client submission, execution step 5);
5) the application for registration information receiving is verified; If the registered user ID that does not include registered user ID in this application for registration information or comprise has been recorded in registered user's database, sends the prompting message of typing user ID again to described client, and return to step 4); If the true identity information that does not include true identity information in this application for registration information or comprise has been recorded in registered user's database without the record matching or the true identity information comprising in true identity information database, send the prompting message of the information of typing true identity again to described client, and return to step 4); Otherwise, execution step 6);
6) judge in the application for registration information receiving whether include upper level user ID; If so, continue execution step 7); Otherwise, execution step 9);
7) judge whether the upper level user ID comprising in the application for registration information receiving is the service-user ID recording in registered user's database; If so, perform step 8); Otherwise, execution step 9);
8) using the registered user ID comprising in the application for registration information of reception and true identity information respectively as new service-user ID and true identity information recording corresponding to this new service-user ID in registered user's database, and judge by inquiry registered user's database and authority information database whether as authority corresponding to the service-user ID of upper level user ID be least privilege grade; If so, using as Permission Levels of privilege-escalation corresponding to the service-user ID of upper level user ID, then described new authority corresponding to service-user ID be set in registered user's database by least privilege grade; Otherwise, by the service-user ID as upper level user ID next Permission Levels of corresponding authority described new authority corresponding to service-user ID is set in registered user's database, complete registration;
9) using the registered user ID comprising in the application for registration information of reception and true identity information respectively as new service-user ID and true identity information recording corresponding to this new service-user ID in registered user's database, and this new authority corresponding to service-user ID is set in registered user's database by least privilege grade, complete registration.
In above-mentioned service log-on method, as further improvement, after described step 8) is complete, also continue execution step 10):
10) send described new service-user ID and be successfully registered as the user's of its subordinate prompting message to the client at the service-user ID place as upper level user ID.
In above-mentioned service log-on method, particularly, described true identity information comprises Real Name and corresponding ID card No. or the officer's identity card number of described Real Name.
Than prior art, the present invention has following beneficial effect:
1, utilization the present invention is based on the service log-on method that authority arranges, service server can be according to the upper level user ID comprising in the application for registration information receiving in service log-on process, the Permission Levels corresponding as the service-user ID of upper level user ID are known in inquiry, thereby the authority corresponding to service-user ID of new registration is set by its next Permission Levels automatically, thereby improve the automatic capability that service server arranges service-user authority, greatly alleviate rights management techniques personnel workload, contribute to improve overall treatment efficiency and the managerial skills of business.
2, the present invention is based in the service log-on method of authority setting, adopt the mode of determining the Permission Levels that the service-user ID of new registration is corresponding by upper level user ID, avoided causing can Permission Levels being arbitrarily set, causing service-user authority that chaotic problem is set because of the service log-on processing of service server self.
3, the present invention is based in the service log-on method of authority setting, all can verify for the registered user ID and the true identity information that comprise in the application for registration information of accepting, can effectively avoid the repeated registration of same personnel in business, cause service-user authority that chaotic problem is set.
4, the present invention is based in the service log-on method of authority setting, for the situation of not submitting upper level user ID in application for registration information to, directly authority corresponding the service-user ID of new registration is pressed to the setting of least privilege grade, as authority, safe precaution measure is set using this, the service authority scope of the service-user ID that does not know Permission Levels is limited.
Accompanying drawing explanation
Fig. 1 is the FB(flow block) that the present invention is based on the service log-on method of authority setting.
Embodiment
Be directed to some and have specific transactions service range or the higher service business of management expectancy, owing in its business, the requirement of service-user rights management being needed and practical work, administrative relationships in transaction environment between related personnel are corresponding, can only rely in the prior art special rights management techniques personnel according to management expectancy, the authority of each service-user in business manually to be arranged, thereby cause rights management techniques personnel task heavy, working strength is large, inefficiency, the problem of easily makeing mistakes, the invention provides a kind of service log-on method arranging based on authority, this service log-on method is carried out by service server operation, receiving after the application for registration information of client submission, avoid same personnel's repeated registration service-user by examining the registered user ID and the true identity information that comprise in application for registration information, can also determine the Permission Levels that the service-user ID of new registration is corresponding and corresponding authority is set according to the upper level user ID in application for registration information, automatic capability service-user authority being arranged to improve service server, alleviate rights management techniques personnel workload, avoid the inefficiency because of rights management techniques personnel, people is the treatment effeciency of situation to whole business such as make mistakes, normal operation causes adverse effect, contribute to improve overall treatment efficiency and the managerial skills of service business.
The present invention is based on the concrete technical scheme of service log-on method that authority arranges as follows.This service log-on method is carried out by service server operation; Service server data are connected with Permission Levels database, true identity information database and registered user's database; Wherein, Permission Levels data-base recording has authority corresponding to each Permission Levels in business, basis to be set as the authority of different rights grade; True identity information database records citizen's true identity information, using the checking of the citizen's true identity in the reality basis as traffic aided personnel; Registered user's database, for recording the service-user ID and corresponding true identity information and the authority of service-user ID that complete registration, is inquired about basis using the identity ID checking basis of registered service-user in business and corresponding Permission Levels thereof.Permission Levels database, true identity information database and registered user's database can be arranged in the database server being independent of outside service server, also can be arranged on service server this locality, as long as guarantee that service server has data to be connected with Permission Levels database, true identity information database and registered user's Database, to realize the read/write operation of service server to related data.The concrete set-up mode of true identity information database, may be according to the difference of applied environment and different; For example, if (service business providing for enterprise specially) in the service business of specific transactions service range is provided this service log-on method, can set up voluntarily true identity information database, for example, as long as wherein record the true identity information (each staff's true identity information in enterprise) of each person skilled in specific transactions service range; If this service log-on method is applied in the public service business that relates to the superior and the subordinate's regulatory requirement between service-user, because the scope of business relates to citizen masses, therefore true identity information database may be achieved by means of citizenship information database in Management system for police.True identity information described in the inventive method, mainly identity card or officer's identity card information, be ID card No. or the officer's identity card number that Real Name and described Real Name are corresponding, to guarantee that service server can confirm and verify traffic aided personnel's true identity; Certainly, if be directed to some more secret, more special service business, true identity information is not limited to Real Name and corresponding ID card No. or officer's identity card number thereof, can also comprise that fingerprint surface sweeping image, iris scan image or recognition of face image etc. can identify by high-tech means the data message of personnel's true identity.The flow chart of the service log-on method that should arrange based on authority as shown in Figure 1, comprises the steps:
1) receive the registration request that client sends, judge what whether this registration request sent for the login link of issuing by service-user ID; If so, perform step 2); Otherwise execution step 4).
Step 1) is mainly used in judging the source of registration request, to enter different service log-on tupes according to this source, in the step of concrete service log-on tupe below, describes in detail.The judgement processing whether sending for the login link of issuing by service-user ID about registration request, its technical implementation way has a lot; For example can in the login link that service-user ID issues, carry link identification information, in link identification information, record the service-user ID that issues this login link, in the time having client to pass through login link to send registration request, send in the lump entrained link identification information, service server just can judge what whether this registration request sent for the login link of issuing by service-user ID according to whether comprising link identification information, and by the parsing of link identification information being determined to the service-user ID of this login link of issue; Those skilled in the art can also adopt according to its technological know-how scope other specific information recognition technology, and the registration request that the login link of issuing by service-user ID is sent is identified as specific information, realize judgement.
2) send for typing and submit to the application for registration information of application for registration information to submit window to described client, described application for registration information submits to window to comprise registered user ID, true identity information and upper level user ID for the application for registration information of typing, and initiatively the service-user ID that issues described login link is submitted in window as upper level user ID typing application for registration information; Then wait for described client submission application for registration information; In the time receiving the application for registration information of described client submission, execution step 3).
Step 2) by judging in step 1) that this registration request is triggered execution for the login link of issuing by service-user ID sends, in this step, service server enters the initiatively service log-on tupe of typing upper level user ID, send application for registration information to client and submit to after window, initiatively the service-user ID that issues described login link is submitted in window as upper level user ID typing application for registration information; So, the personnel of application service log-on are just without typing upper level user ID voluntarily again, for the service log-on operation of client offers convenience.Application for registration information processing can comprise registered user ID, true identity information and upper level user ID, can also comprise login password, mailbox for subsequent use, individual's introduction etc. out of Memory, and its range of information is determined according to the demand of practical business.In the time receiving the application for registration information of described client submission, service server enters application for registration information verification handling process, execution step 3).
3) the application for registration information receiving is verified; If the registered user ID that does not include registered user ID in this application for registration information or comprise has been recorded in registered user's database, sends the prompting message of typing user ID again to described client, and return to step 2); If the true identity information that does not include true identity information in this application for registration information or comprise has been recorded in registered user's database without the record matching or the true identity information comprising in true identity information database, send the prompting message of the information of typing true identity again to described client, and return to step 2); Otherwise, execution step 8).
Step 3), in the verification processing procedure of application for registration information, is verified the registered user ID comprising in application for registration information and true identity information respectively; If do not comprise registered user ID or true identity information in application for registration information, service server confirms that the application for registration information content is imperfect, sends again respectively the prompting message of typing registered user ID or the information of typing true identity again to described client; If the registered user ID comprising in application for registration information has been recorded in registered user's database, show that this registered user ID is registered and used, for avoiding identical ID repeated registration, point out described client typing user ID again; If the true identity information comprising in application for registration information has been recorded in registered user's database without the record matching or the true identity information comprising in true identity information database, the former shows that true identity Data Enter is wrong and does not verify by true identity, personnel corresponding to latter this true identity information of surface had registered service-user ID, avoid same personnel's repeated registration, therefore point out described client typing true identity again information.Particularly be directed to the requirement of service-user rights management need to and practical work, transaction environment in the corresponding service business of administrative relationships between related personnel, it is very important avoiding the repeated registration of same personnel in business.Certainly,, for above-mentioned different situation, in corresponding information, can comprise more detailed prompting explanation, so that the concrete reason of pointing out typing to be again described.Send after prompting message, all return to execution step 2), treat described client typing and submission application for registration information related content again.If there is not above-mentioned situation in this step, verify and pass through, execution step 8).Here, due to step 2) in by initiatively typing upper level user ID of service server, and can determine that the upper level user ID of this typing is the service-user ID in business, therefore step 3) is without again upper level user ID being verified to processing.
4) send for typing and submit to the application for registration information of application for registration information to submit window to described client, described application for registration information submits to window to comprise registered user ID, true identity information and the upper level user ID of request registration for the application for registration information of typing; Then wait for described client submission application for registration information; In the time receiving the application for registration information of described client submission, execution step 5).
Step 4) is triggered execution by judging in step 1) that login link that this registration request is not issued by service-user ID sends, in this step, service server enters conventional service log-on tupe, send application for registration information to client and submit to after window, the personnel that the wait for application service log-on whole application for registration information of typing submitting to voluntarily.In the time receiving the application for registration information of described client submission, service server enters application for registration information verification handling process, execution step 5).
5) the application for registration information receiving is verified; If the registered user ID that does not include registered user ID in this application for registration information or comprise has been recorded in registered user's database, sends the prompting message of typing user ID again to described client, and return to step 4); If the true identity information that does not include true identity information in this application for registration information or comprise has been recorded in registered user's database without the record matching or the true identity information comprising in true identity information database, send the prompting message of the information of typing true identity again to described client, and return to step 4); Otherwise, execution step 6).
Step 5) is identical with step 3) to the verification processing procedure of application for registration information, is all that the substance in order to guarantee application for registration information is complete, and avoids repeated registration; The handling process that just belongs to conventional service log-on tupe due to this step, sends after prompting message at server, returns to execution step 4); If there is not above-mentioned situation in this step,, verify and pass through, continue execution step 6), further judge in the application for registration information receiving whether include upper level user ID.
6) judge in the application for registration information receiving whether include upper level user ID; If so, continue execution step 7); Otherwise, execution step 9);
7) judge whether the upper level user ID comprising in the application for registration information receiving is the service-user ID recording in registered user's database; If so, perform step 8); Otherwise, execution step 9).
Step 6) and step 7) are for being verified processing to the upper level user ID of application for registration information.Due in the conventional service log-on tupe of service server, by personnel's typing application for registration information voluntarily of application service log-on, for its situation of typing upper level user ID not, service server just cannot be confirmed its Permission Levels, performs step 9); There is the situation of upper level user ID for typing in application for registration information, whether service server is examined described upper level user ID is again the service-user ID recording in registered user's database, because need to confirm that described upper level user ID is the service-user ID recording in registered user's database, can determine according to the corresponding Permission Levels of service-user ID as upper level user ID the Permission Levels of the service-user ID of new registration; If examine errorlessly, perform step 8); If the service-user ID recording in described upper level user ID nonregistered user database,, owing to cannot confirming the Permission Levels of service-user ID of new registration, therefore performs step 9).
8) using the registered user ID comprising in the application for registration information of reception and true identity information respectively as new service-user ID and true identity information recording corresponding to this new service-user ID in registered user's database, and judge by inquiry registered user's database and authority information database whether as authority corresponding to the service-user ID of upper level user ID be least privilege grade; If so, using as Permission Levels of privilege-escalation corresponding to the service-user ID of upper level user ID, then described new authority corresponding to service-user ID be set in registered user's database by least privilege grade; Otherwise, by the service-user ID as upper level user ID next Permission Levels of corresponding authority described new authority corresponding to service-user ID is set in registered user's database, complete registration.
In application for registration information, include registered user ID, true identity information and upper level user ID simultaneously and all examine errorless in the situation that, perform step 8), allow the registered user ID in application for registration information to be successfully registered as new service-user ID, and by the service-user ID as upper level user ID next Permission Levels of corresponding authority described new authority corresponding to service-user ID is set, complete registration; In this process, if determining as authority corresponding to the service-user ID of upper level user ID is least privilege grade, show that as personnel corresponding to the service-user ID of the upper level user ID managerial class in practical work, transaction environment has got a promotion and Permission Levels in this business are not upgraded in time, therefore service server is initiatively using as Permission Levels of privilege-escalation corresponding to the service-user ID of upper level user ID.
9) using the registered user ID comprising in the application for registration information of reception and true identity information respectively as new service-user ID and true identity information recording corresponding to this new service-user ID in registered user's database, and this new authority corresponding to service-user ID is set in registered user's database by least privilege grade, complete registration.
In application for registration information, include registered user ID and true identity information and examine errorless but do not comprise upper level user ID in the situation that, perform step 9), allow the registered user ID in application for registration information to be successfully registered as new service-user ID, authority corresponding the service-user ID of new registration is pressed to the setting of least privilege grade, as authority, safe precaution measure is set using this, service authority scope to the service-user ID that does not know Permission Levels is limited, and completes registration.
The handling process of the service log-on method by the present invention is based on authority setting can be seen, carry out in service log-on handling process determining the Permission Levels that the service-user ID of new registration is corresponding (as the service-user ID of upper level user ID next Permission Levels of corresponding authority) and corresponding authority being set according to the upper level user ID comprising in application for registration information at server, improved thus the automatic capability that service server arranges service-user authority.Like this, rights management techniques personnel only need in Permission Levels database, to have recorded business in advance in authority corresponding to each Permission Levels, and the higher service-user of Permission Levels in business is carried out after artificial authority set handling, the authority of other service-user all can be in the time of service log-on be determined the Permission Levels that the service-user ID of new registration is corresponding and corresponding authority is set according to the upper level user ID comprising in application for registration information by service server, thereby greatly having alleviated rights management techniques personnel workload; Meanwhile, also avoided, because rights management techniques personnel inefficiency, people are that treatment effeciency, the normal operation of the situation such as make mistakes to whole business causes adverse effect, contributing to improve overall treatment efficiency and the managerial skills of service business; And service log-on method of the present invention does not significantly increase the fussy degree of family end registration operating process, do not affect the experience sense of client service log-on operation.In addition, the present invention is based in the service log-on method of authority setting, all can verify processing for the registered user ID and the true identity information that comprise in the application for registration information of accepting, effectively avoid the repeated registration of same personnel in business, caused service-user authority that chaotic problem is set.For cannot be according to the situation of the Permission Levels of application for registration validation of information new registration service-user ID, service server is by carrying out above-mentioned steps 9), directly authority corresponding the service-user ID of new registration is pressed to the setting of least privilege grade, as authority, safe precaution measure is set using this, the service authority scope of the service-user ID that does not know Permission Levels is limited.In concrete service application process, for example, when not having personnel's (thering are the personnel of highest weight limit grade) of upper level service-user or not yet distributing personnel requisition's service log-on of Permission Levels, can finally complete registration by step 9) by service log-on method according to the present invention; By service server by above-mentioned steps 9) complete the service-user of location registration process, can carry out artificial set handling according to practical business situation to its Permission Levels by rights management techniques personnel in the later stage.
What deserves to be explained is, the present invention is based in the service log-on method of authority setting, the authority set handling of the service-user to new registration, the mode that directly provides different rights grade to select is not provided, and has adopted the mode of determining the Permission Levels that the service-user ID of new registration is corresponding by upper level user ID.The reason of processing is like this: if carried out in service log-on processing procedure at service server, directly provide different rights grade to select and arrange according to the Permission Levels of selecting the authority of new registration service-user, make user before being successfully registered as service-user, just can know business in the facilities of different rights grade, therefore probably occurring that user chooses at random arranges Permission Levels, thereby causes the problem of user right Lookup protocol confusion in business, and in service log-on method of the present invention, only determine the Permission Levels that the service-user ID of new registration is corresponding and corresponding authority is set according to upper level user ID, avoid on the one hand user to be successfully registered as before service-user the detailed configuration information of different rights grade in acquisition business, make again on the other hand in service log-on processing procedure to the Permission Levels setting of new service-user can with practical work, administrative relationships in transaction environment between related personnel are corresponding, thereby both stopped to cause Permission Levels can be arbitrarily set because of the service log-on processing of service server self, cause service-user authority that chaotic problem is set, can meet targetedly again the practical application request of service authority management.In addition, because having adopted by upper level user ID, the present invention determines that the mode of the Permission Levels that the service-user ID of new registration is corresponding carries out service log-on processing, complete after registration, as a kind of improvement project, the message informing that new service-user ID successfully can also be registered is given the service-user ID as upper level user ID, be convenient to know the operations such as the laggard industry business of this message user profile verification as personnel corresponding to the service-user ID of upper level user ID, to reduce the situation that the setting of service-user authority makes mistakes by the mode of artificial verification; The idiographic flow of this improvement project, in above-mentioned steps 1) ~ 9) basis on, after described step 8) is complete, also continue execution step 10):
10) send described new service-user ID and be successfully registered as the user's of its subordinate prompting message to the client at the service-user ID place as upper level user ID.
The handling process of the service log-on method by the present invention is based on authority setting can also be seen, in the method, possess two kinds of service log-on tupes: the judgement processing based on step 1), by step 4) ~ 7) after execution step 8) or step 9) complete the mode of registration, be the conventional service log-on tupe of the inventive method; And judgement processing based on step 1), by step 2) ~ 3) after execution step 8) complete the mode of registration, be the service log-on tupe of active typing upper level user ID.Thus, the registered personnel that become the service-user in business can pass through the mode login link such as mail, instant communication information, forum's distribution platform, allow its next stage personnel can use client to send registration request by login link, complete registration by server by the service log-on tupe of active typing upper level user ID; In addition, the registered personnel that become the service-user in business also can inform its next stage personnel by its service-user ID by the mode such as world-of-mouth communication, communication on telephone, allow its next stage personnel can use client Self-operating, complete registration by server by conventional service log-on tupe.This can be applied in abundanter service business environment the service log-on method that the present invention is based on authority setting, for service-user provides mode of operation more easily.
Below by embodiment, the present invention will be further described.
embodiment mono-:
The present embodiment is take enterprise's cloud service business that enterprise information/management operation is provided of designing for enterprise specially as example, in this enterprise's cloud service business, need to arrange according to the difference of the position of enterprise staff the authority of different rights grade, allow this enterprise's cloud service business provide the corresponding information service of its position or bookkeeping service for enterprise staff; In this enterprise, include multiple departments that adhere to separately, and each adhering to separately in part except line manager's position, also there is subordinate's position of multiple ranks; The enterprise staff One's name is legion that whole enterprise is related, if rely on rights management techniques personnel completely, to each enterprise staff, the corresponding authority in enterprise's cloud service business manually arranges, and will be that workload is huge, task hard work.
For this reason, provide in the present embodiment the service server of this enterprise's cloud service business to adopt service log-on method of the present invention, and at local integrated Permission Levels database, true identity information database and the registered user's database of being provided with of service server, the technical staff who is responsible for rights management in business need to arrange and record the different corresponding Permission Levels of position of each department and authority corresponding to corresponding authority grade in this enterprise in Permission Levels database, meanwhile, need in true identity information database, record the true identity information of this each enterprise staff of enterprise, for the present embodiment, the true identity information of enterprise staff is Real Name and the corresponding ID card information of enterprise staff, then, each line manager of this enterprise according to the conventional service log-on tupe in service log-on method of the present invention via above-mentioned based on step 1), step 4) ~ 7), be finally registered as by step 9) after the business member of enterprise's cloud service business, due to they in this enterprise's cloud business temporarily without upper level user, the authority that need to carry out corresponding authority grade to them by rights management techniques personnel manually arranges, after this, in this enterprise, other employees of each department are in the time being registered as the business member of this enterprise's cloud service business, can be by the conventional service log-on tupe in the inventive method or the initiatively service log-on tupe of typing upper level user ID of service server, the authority of corresponding authority grade is automatically set according to the service-user that after upper level user ID inquiry registered user's database and authority information database in application for registration information is new registration by service server in registration process, rights management personnel only need to be to the follow-up monitoring management in addition of the authority of these service-users, thus, manually arrange by rights management personnel than the corresponding authority of each enterprise staff in enterprise's cloud service business in enterprise, greatly alleviate rights management personnel's magnitude of the operation, improve the treatment effeciency that in enterprise's cloud service business, service-user authority arranges, and service server self-operating is difficult for makeing mistakes, as long as guarantee that new registration service-user upper level user ID of typing in application for registration information is correct in practical work management, just can effectively guarantee the normal operation of enterprise's cloud service business aspect rights management.
embodiment bis-:
The present embodiment is take the public financing service that relates to Capital Flow as example, in this financing service, different business user need to carry out control and management operation to the Capital Flow of different range, and by the own flow operation scope of Warrant Bounds service-user; Owing to relating to real Capital Flow, if the service-user authority setting in business makes mistakes, be easy to cause serious problem, be therefore necessary especially the Permission Levels management system of Erecting and improving in this public financing service.In this public financing service, need the public towards the society that business service is provided, therefore may there is huge service-user colony, and for each service-user, relate to all many-sided authorities such as Capital Flow opereating specification, Financial Information restricted area, task management distribution, Capital Flow contact and data information sharing between the superior and the subordinate problem is set; If each service-user relies on rights management techniques personnel manually to arrange one by one in this all many-sided authority setting in service business, its working strength will be very large, also be easy to occur that the people in authority setting up procedure is the problem of makeing mistakes, once and authority setting makes mistakes, make the service authority scope of service-user incorrect, just probably cause the Capital Flow operating mistake in business.
For this reason, provide in the present embodiment the service server of this public financing service to adopt service log-on method of the present invention, local integrated Permission Levels database and the registered user's database of being provided with of service server, because service surface is to the public, therefore service server also carries out teledata with citizenship information database in Management system for police and is connected to obtain the public's true identity information, and the true identity information here mainly refers to the public's Real Name and corresponding ID card No. or officer's identity card number, in business, be responsible for the technical staff of rights management need in Permission Levels database, according to this public financing service Permission Levels management system, record traffic be set in authority corresponding to each Permission Levels, then the authority of the service-user that in this public financing service, Permission Levels are higher is manually arranged, then, the authority of other service-users in other this public financing service, can initiatively know by new registration service-user the mode of its upper level user ID, or issue the mode of login link to its next stage user as upper level user's service-user, in service log-on process, pass through conventional service log-on tupe or the initiatively service log-on tupe of typing upper level user ID of service server in the inventive method, the authority of corresponding authority grade is set according to the service-user that after upper level user ID inquiry registered user's database and authority information database in application for registration information is new registration automatically by service server, rights management personnel only need to be to the follow-up monitoring management in addition of the authority of these service-users, thus, because service server can carry out authority setting automatically to most service-user, greatly alleviate rights management personnel's magnitude of the operation, improve the treatment effeciency that in this public financing service, service-user authority arranges, and service server self-operating is difficult for makeing mistakes, as long as guarantee that new registration service-user upper level user ID of typing in application for registration information is correct in real thing management, just can effectively guarantee the normal operation of public financing service aspect rights management.
In sum, the present invention is based on the service log-on method that authority arranges, be very suitable for to the requirement of service-user rights management often need and practical work, transaction environment in applied in the corresponding service business of administrative relationships between related personnel, the initial rights of being carried out new registration service-user by the service server operation that respective service business is provided arranges, greatly alleviate rights management techniques personnel workload, contributed to improve overall treatment efficiency and the managerial skills of business.In service log-on process, by after carrying out initial rights setting by service server, for there being the grade of service regular business of growing up, each service-user still can promote Permission Levels according to the grade of service rule of growing up step by step, is independent of each other.The applied service business scope of technical solution of the present invention is also not only confined to above-described embodiment, simultaneously, in technical solution of the present invention, the authority of service server in service log-on process arranges scope, can only carry out initial setting up for a certain item or a few authorities in business, also can carry out initial setting up to four corner authority in business, can be according to the concrete applied environment of technical solution of the present invention and free setting.
Finally explanation is, above embodiment is only unrestricted in order to technical scheme of the present invention to be described, although the present invention is had been described in detail with reference to preferred embodiment, those of ordinary skill in the art is to be understood that, can modify or be equal to replacement technical scheme of the present invention, and not departing from aim and the scope of technical solution of the present invention, it all should be encompassed in the middle of claim scope of the present invention.
Claims (3)
1. the service log-on method arranging based on authority, is characterized in that, is carried out by service server operation; Described service server data are connected with Permission Levels database, true identity information database and registered user's database; Described Permission Levels data-base recording has authority corresponding to each Permission Levels in business; Described true identity information database records citizen's true identity information; Described registered user's database is for recording the service-user ID and corresponding true identity information and the authority of service-user ID that complete registration; The method comprises the steps: 1) receive the registration request that client sends, judge what whether this registration request sent for the login link of issuing by service-user ID; If so, perform step 2); Otherwise execution step 4);
2) send for typing and submit to the application for registration information of application for registration information to submit window to described client, described application for registration information submits to window to comprise registered user ID, true identity information and upper level user ID for the application for registration information of typing, and initiatively the service-user ID that issues described login link is submitted in window as upper level user ID typing application for registration information; Then wait for described client submission application for registration information; In the time receiving the application for registration information of described client submission, execution step 3);
3) the application for registration information receiving is verified; If the registered user ID that does not include registered user ID in this application for registration information or comprise has been recorded in registered user's database, sends the prompting message of typing user ID again to described client, and return to step 2); If the true identity information that does not include true identity information in this application for registration information or comprise has been recorded in registered user's database without the record matching or the true identity information comprising in true identity information database, send the prompting message of the information of typing true identity again to described client, and return to step 2); Otherwise, execution step 8);
4) send for typing and submit to the application for registration information of application for registration information to submit window to described client, described application for registration information submits to window to comprise registered user ID, true identity information and the upper level user ID of request registration for the application for registration information of typing; Then wait for described client submission application for registration information; In the time receiving the application for registration information of described client submission, execution step 5);
5) the application for registration information receiving is verified; If the registered user ID that does not include registered user ID in this application for registration information or comprise has been recorded in registered user's database, sends the prompting message of typing user ID again to described client, and return to step 4); If the true identity information that does not include true identity information in this application for registration information or comprise has been recorded in registered user's database without the record matching or the true identity information comprising in true identity information database, send the prompting message of the information of typing true identity again to described client, and return to step 4); Otherwise, execution step 6);
6) judge in the application for registration information receiving whether include upper level user ID; If so, continue execution step 7); Otherwise, execution step 9);
7) judge whether the upper level user ID comprising in the application for registration information receiving is the service-user ID recording in registered user's database; If so, perform step 8); Otherwise, execution step 9);
8) using the registered user ID comprising in the application for registration information of reception and true identity information respectively as new service-user ID and true identity information recording corresponding to this new service-user ID in registered user's database, and judge by inquiry registered user's database and authority information database whether as authority corresponding to the service-user ID of upper level user ID be least privilege grade; If so, using as Permission Levels of privilege-escalation corresponding to the service-user ID of upper level user ID, then described new authority corresponding to service-user ID be set in registered user's database by least privilege grade; Otherwise, by the service-user ID as upper level user ID next Permission Levels of corresponding authority described new authority corresponding to service-user ID is set in registered user's database, complete registration;
9) using the registered user ID comprising in the application for registration information of reception and true identity information respectively as new service-user ID and true identity information recording corresponding to this new service-user ID in registered user's database, and this new authority corresponding to service-user ID is set in registered user's database by least privilege grade, complete registration.
2. the service log-on method arranging based on authority according to claim 1, is characterized in that, after described step 8) is complete, also continues execution step 10):
10) send described new service-user ID and be successfully registered as the user's of its subordinate prompting message to the client at the service-user ID place as upper level user ID.
3. according to the service log-on method arranging based on authority described in claim 1 or 2, it is characterized in that, described true identity information comprises Real Name and corresponding ID card No. or the officer's identity card number of described Real Name.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210097316.8A CN102647296B (en) | 2012-04-05 | 2012-04-05 | Business registering method based on authorization setting |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210097316.8A CN102647296B (en) | 2012-04-05 | 2012-04-05 | Business registering method based on authorization setting |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102647296A CN102647296A (en) | 2012-08-22 |
| CN102647296B true CN102647296B (en) | 2014-05-14 |
Family
ID=46659881
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210097316.8A Expired - Fee Related CN102647296B (en) | 2012-04-05 | 2012-04-05 | Business registering method based on authorization setting |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102647296B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104850733A (en) * | 2015-04-13 | 2015-08-19 | 江苏名通信息科技有限公司 | Method for managing game sharing cashback |
| JP7210937B2 (en) * | 2018-08-29 | 2023-01-24 | コニカミノルタ株式会社 | image forming device |
| CN112926071A (en) * | 2021-03-03 | 2021-06-08 | 浪潮云信息技术股份公司 | Multi-level data authority control method based on government affair cloud management platform |
| CN113568457B (en) * | 2021-06-09 | 2022-05-03 | 安徽翔弘仪器科技有限公司 | Dynamic temperature intelligent protection system based on sensing technology |
| CN114238803A (en) * | 2022-02-25 | 2022-03-25 | 北京结慧科技有限公司 | Method and system for managing business registration data of enterprise-level user |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101051937A (en) * | 2006-05-10 | 2007-10-10 | 华为技术有限公司 | User's power managing method and system based on XML |
| CN101321063A (en) * | 2008-07-17 | 2008-12-10 | 上海众恒信息产业有限公司 | System user access management system and method based on digital certificate technique |
-
2012
- 2012-04-05 CN CN201210097316.8A patent/CN102647296B/en not_active Expired - Fee Related
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101051937A (en) * | 2006-05-10 | 2007-10-10 | 华为技术有限公司 | User's power managing method and system based on XML |
| CN101321063A (en) * | 2008-07-17 | 2008-12-10 | 上海众恒信息产业有限公司 | System user access management system and method based on digital certificate technique |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102647296A (en) | 2012-08-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108961475B (en) | Access control deployment method and access control deployment server | |
| CN102855710B (en) | Method and system for remotely authenticating customer identity information | |
| CN109242326B (en) | Policy sharing system based on big data and artificial intelligence | |
| CN107079034A (en) | A kind of identity authentication method, terminal device, certificate server and electronic equipment | |
| CN102647296B (en) | Business registering method based on authorization setting | |
| CN109447647A (en) | A kind of safety payment system based on block chain | |
| CN101873333B (en) | Enterprise data maintenance method, device and system based on banking system | |
| CN107317678B (en) | A kind of electronics confirmation request processing method Internet-based and system | |
| CN107210916A (en) | Condition, which is logged in, to be promoted | |
| CN102025710A (en) | Multi-application intelligent card and intelligent card multi-application management system and method | |
| CN103986584A (en) | Double-factor identity verification method based on intelligent equipment | |
| CN102103777A (en) | Network tax declaration system and tax declaration method thereof for fiscal cash register | |
| CN106097167A (en) | A kind of finance escort information service system | |
| CN109754220A (en) | The one yard of universal method and system called based on government data | |
| CN108650289B (en) | Method and device for managing data based on block chain | |
| CN105225072A (en) | A kind of access management method of multi-application system and system | |
| CN102930464A (en) | Electronic invoice management method and system | |
| CN105590215A (en) | Device and method for data processing on-line processing of date mistakes between mechanisms | |
| CN107483477B (en) | Account management method and account management system | |
| CN108230052A (en) | A kind of invoice issuing and method for uploading and system | |
| CN105205752A (en) | Patent application examination and approval system and method | |
| CN106301791B (en) | A kind of realization method and system of the unifying user authentication authorization based on big data platform | |
| CN109978479A (en) | A kind of electronic invoice method of charging out, device, data sharing server and system | |
| CN103714454A (en) | Queuing and payment system | |
| CN111934881B (en) | Data right determining method and device, storage medium and electronic device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| ASS | Succession or assignment of patent right |
Owner name: CHONGQING MIAOYIN TECHNOLOGY CO., LTD. Free format text: FORMER OWNER: CHONGQING XIANMAI COMMUNICATION TECHNOLOGY CO., LTD. Effective date: 20150522 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 402260 JIANGJIN, CHONGQING TO: 400050 JIULONGPO, CHONGQING |
|
| TR01 | Transfer of patent right |
Effective date of registration: 20150522 Address after: 400050 Chongqing Jiulongpo Branch City Road No. 71 of No. 1 Erlang students Pioneering Park D2 building, No. 1 Patentee after: Chongqing seconds silver Polytron Technologies Inc Address before: 402260 Jiangjin District of Chongqing city streets a few building No. 401 State Street Brisbane Patentee before: Chongqing Xianmai Communication Technology Co.,Ltd. |
|
| C56 | Change in the name or address of the patentee | ||
| CP03 | Change of name, title or address |
Address after: 400050 Chongqing Jiulongpo Branch City Road No. 71, No. 71, No. 1 of Erlang students Pioneering Park D2 building 6 floor No. 1 Patentee after: Chongqing Miao Yin Science and Technology Ltd. Address before: 400050 Chongqing Jiulongpo Branch City Road No. 71 of No. 1 Erlang students Pioneering Park D2 building, No. 1 Patentee before: Chongqing seconds silver Polytron Technologies Inc |
|
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20140514 Termination date: 20180405 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |