CN103810408B - Method and device for generating permission object - Google Patents
Method and device for generating permission object Download PDFInfo
- Publication number
- CN103810408B CN103810408B CN201410101374.2A CN201410101374A CN103810408B CN 103810408 B CN103810408 B CN 103810408B CN 201410101374 A CN201410101374 A CN 201410101374A CN 103810408 B CN103810408 B CN 103810408B
- Authority
- CN
- China
- Prior art keywords
- data
- business
- business object
- file
- permission
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 55
- 238000007689 inspection Methods 0.000 claims description 87
- 230000037361 pathway Effects 0.000 claims description 29
- 238000013475 authorization Methods 0.000 claims description 18
- 238000012360 testing method Methods 0.000 claims description 16
- 238000001514 detection method Methods 0.000 claims description 6
- 238000001914 filtration Methods 0.000 claims description 5
- 238000012937 correction Methods 0.000 claims description 3
- 235000013399 edible fruits Nutrition 0.000 claims description 3
- 230000008569 process Effects 0.000 description 11
- 150000001875 compounds Chemical class 0.000 description 6
- 241000406668 Loxodonta cyclotis Species 0.000 description 5
- 238000006243 chemical reaction Methods 0.000 description 4
- 238000004519 manufacturing process Methods 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 238000004904 shortening Methods 0.000 description 3
- 241001269238 Data Species 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000009826 distribution Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000009466 transformation Effects 0.000 description 2
- 238000004140 cleaning Methods 0.000 description 1
- 238000002360 preparation method Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2145—Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a method and device for generating a permission object. The method comprises the following steps: determining file paths of service object files and acquiring object data of a plurality of service objects in the file paths; carrying out validity check on the object data of each service object according to the data check rule to obtain the check result of each service object; determining a first target service object passing the validity check according to the check result; respectively generating the permission object of the first target service object according to the object data of each first target service object. According to the embodiment of the invention, a mode of executing batch permission setting on the service objects passing the validity check after the object data of the service objects are read to obtain the permission object is adopted instead of a mode of manually setting the permission of each service object to obtain the permission object, so that the manual operation is reduced and the accuracy of the permission object is increased; meanwhile, operation flows are reduced, the generation time of the permission object is shortened, and thus the generation efficiency of the permission object is increased.
Description
Technical field
The application is related to technical field of data processing, particularly to a kind of generation method of permission object and device.
Background technology
Project is implemented for large enterprise's management software, implements in its authority and the O&M stage is it will usually face quantity Pang
Big character object management, now needs management personnel to safeguard the priority assignation generating each character object by hand, realizes authority
The generation of object, for example a certain character object such as line manager has access rights to data, or executive director repaiies to data
Change authority etc..
But in the scheme that above-mentioned realization batch permission object generates, not only error rate height is it is impossible to ensure the authority generating
The accuracy rate of object, and the craft carrying out authority to high-volume character object sets gradually, and could generate its permission object, needs
Expend the longer working time, lead to the less efficient of permission object generation.
Content of the invention
Technical problems to be solved in this application are to provide a kind of generation method of permission object and device, existing in order to solve
Having in technology using the manual priority assignation to multiple character object successively, thus generating the scheme of permission object, not only malfunctioning
The high and less efficient technical problem of rate.
This application provides a kind of generation method of permission object, methods described includes:
Determine the file path of business object file;
Obtain the object data of multiple business objects in described file path;
According to default data check rule, validity check is carried out to the object data of business object each described, obtains
Inspection result to business object each described;
According to described inspection result, determine the first object business object that its validity check is passed through;
Respectively according to the object data of first object business object each described, generate described first object business object
Permission object.
Said method it is preferred that in the described file path of described acquisition multiple business objects object data, comprising:
Read the file physical pathway information corresponding with described file path;
In the corresponding physical pathway of described file physical pathway information, obtain multiple business object files;
Read the object data in each described business object file respectively.
Said method it is preferred that described obtain described file path in multiple business objects object data after,
Before validity check being carried out to the object data of business object each described according to default Data Detection rule, methods described
Also include:
The data structure of described object data is converted to the data structure consistent with preset data structural model.
Said method it is preferred that described according to default data check rule, the number of objects to business object each described
According to carrying out validity check, obtain the inspection result of each described business object, comprising:
The filter operation of preset characters is carried out to the object data of business object each described;
According to described object data, identify the object's position of each described business object;
Authorization Attributes identification is carried out to the object data of business object each described, obtains the power of each described business object
Limit property value;
According to described object data, the business object belonging to the first attributes object to each carries out its affiliated second attribute pair
The whether normal inspection operation of the Parameter File state of elephant, obtains the state inspection results of each business object;
According to default naming rule and described object data, the name information of business object each described is examined
Look into, obtain naming inspection result;
According to described object data, the business object belonging to the 3rd attributes object to each carries out it and associates the first attribute pair
As whether quantity exceedes the inspection operation of predetermined upper threshold value, obtain volume check result, wherein, each described business object
Object's position, Authorization Attributes value, state inspection results, name inspection result and volume check result form its corresponding business object
Inspection result.
Said method is it is preferred that after the described inspection result obtaining each described business object, methods described is also wrapped
Include:
According to described inspection result, determine the unsanctioned second target service object of its validity check;
The business datum of the second target service object each described is modified according to the user's revision directive receiving;
The object data passing through, according to each, the second target service object revised respectively, generates each described second target
The permission object of business object.
Present invention also provides a kind of generating means of permission object, comprising:
Path determining unit, for determining the file path of business object file;
Object data acquiring unit, for obtaining the object data of multiple business objects in described file path;
Data Check Unit, for according to default data check rule, the object data to business object each described
Carry out validity check, obtain the inspection result of each described business object;
First object determining unit, for according to described inspection result, determining the first object that its validity check is passed through
Business object;
First object generation unit, generates according to the object data of first object business object each described for respectively
The permission object of described first object business object.
Said apparatus are it is preferred that described object data acquiring unit includes:
Subelement is read in path, for reading the file physical pathway information corresponding with described file path;
File acquisition subelement, for, in the corresponding physical pathway of described file physical pathway information, obtaining multiple industry
Business obj ect file;
Digital independent subelement, for reading the object data in each described business object file respectively.
Said apparatus are it is preferred that also include:
Data structure converting unit, for obtaining multiple business in described file path in described object data acquiring unit
After the object data of object, in described Data Check Unit according to default Data Detection rule to business object each described
Object data carry out validity check before, the data structure of described object data is converted to and preset data structural model
Consistent data structure.
Said apparatus are it is preferred that described Data Check Unit includes:
Character filtering subelement, for carrying out the filter operation of preset characters to the object data of each business object;
Location recognition subelement, for according to described object data, identifying the object's position of each described business object;
Authority recognition subelement, for carrying out Authorization Attributes identification to the object data of business object each described, obtains
The Authorization Attributes value of each described business object;
Parameter testing subelement, for according to described object data, belonging to the business object of the first attributes object to each
Carry out the whether normal inspection operation of Parameter File state of its affiliated second attributes object, obtain the state of each business object
Inspection result;
Name checks subelement, for according to default naming rule and described object data, to business pair each described
The name information of elephant is checked, obtains naming testing result;
Volume check subelement, for according to described object data, belonging to the business object of the 3rd attributes object to each
Carry out the inspection operation whether its association first attributes object quantity exceedes predetermined upper threshold value, obtain volume check result;
Wherein, the object's position of each described business object, Authorization Attributes value, state inspection results, name inspection result
And quantity testing result forms the inspection result of its corresponding business object.
Said apparatus are it is preferred that also include:
Second object determining unit, for obtaining the inspection result of each described business object in described Data Check Unit
Afterwards, according to described inspection result, determine the unsanctioned second target service object of its validity check;
Data correction unit, for the business datum of the second target service object each described according to the user that receives
Revision directive is modified;
Second object generation unit, for passing through the number of objects of the second target service object revised according to each respectively
According to generating the permission object of each described second target service object.
The generation method of a kind of permission object being provided from such scheme, the application and device, by determining use
After the file path that family selects, obtain the object data of multiple business objects in this document path, and then to this each object
Data carries out validity check, and business object that is legal to validity check result or passing through is extracted or determined, as
First object business object, thus each first object business object is executed with the Mass production of its permission object, thus, obtains
The permission object of multiple business objects.The application need not manually be configured to the authority of each business object such as character object,
Obtain permission object, but by reading the object data under the file path of business object place, and then execute validity check
Afterwards, business object execution batch priority assignation validity check being passed through, obtains permission object, not only reduces artificial behaviour
Making, improve the accuracy rate of permission object, meanwhile, reducing operating process, the generation time shortening permission object is long, thus improving power
The efficiency that limit object generates.
Brief description
For the technical scheme being illustrated more clearly that in the embodiment of the present application, will make to required in embodiment description below
Accompanying drawing be briefly described it should be apparent that, drawings in the following description are only some embodiments of the present application, for
For those of ordinary skill in the art, without having to pay creative labor, it can also be obtained according to these accompanying drawings
His accompanying drawing.
A kind of flow chart of the generation method embodiment one of permission object that Fig. 1 provides for the application;
A kind of partial process view of the generation method embodiment two of permission object that Fig. 2 provides for the application;
A kind of flow chart of the generation method embodiment three of permission object that Fig. 3 provides for the application;
A kind of partial process view of the generation method example IV of permission object that Fig. 4 provides for the application;
A kind of flow chart of the generation method embodiment five of permission object that Fig. 5 provides for the application;
A kind of structural representation of the generating means embodiment six of permission object that Fig. 6 provides for the application;
A kind of part-structure schematic diagram of the generating means embodiment of permission object that Fig. 7 provides for the application;
A kind of structural representation of the generating means embodiment eight of permission object that Fig. 8 provides for the application;
A kind of part-structure schematic diagram of the generating means embodiment nine of permission object that Fig. 9 provides for the application;
A kind of structural representation of the generating means embodiment ten of permission object that Figure 10 provides for the application.
Specific embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present application, the technical scheme in the embodiment of the present application is carried out clear, complete
Site preparation describes it is clear that described embodiment is only some embodiments of the present application, rather than whole embodiments.It is based on
Embodiment in the application, it is every other that those of ordinary skill in the art are obtained under the premise of not making creative work
Embodiment, broadly falls into the scope of the application protection.
With reference to Fig. 1, a kind of flow chart of the generation method embodiment one of the permission object providing for the application, wherein, institute
The method of stating can apply in large enterprise's management software sap erp enforcement project, generally requires to high-volume in these projects
Character object carry out the setting of authority, to generate permission object.In the embodiment of the present application, methods described can include following
Step:
Step 101: determine the file path of business object file.
Wherein, described file path can be pre-selected the upload path being provided with for user.
Step 102: obtain the object data of multiple business objects in described file path.
Wherein, described file path can point to multiple files, the file path of the corresponding physics of each file,
With the business object file needing to generate permission object being written in fixing data template, the embodiment of the present application is passed through
After determining described file path, read the object data of multiple business objects in this document path.
Step 103: according to default data check rule, effectiveness is carried out to the object data of business object each described
Check, obtain the inspection result of each described business object.
It should be noted that described validity check refers to, the character of described business object, position, name, authority are belonged to
Property and the association project such as transformation checked, check whether each project meets default data check specified by rules
Content, such as whether subsequent operation etc. can be carried out as priority assignation object, to obtain the testing result of each business object, should
Testing result shows whether the validity check of its corresponding business object is passed through.
Step 104: according to described inspection result, determine the first object business object that its validity check is passed through.
From hereinbefore, described inspection result shows whether its corresponding business object passes through validity check, described
In step 104, according to the testing result of each business object, determine whether each business object passes through validity check, thus,
Determine the first object business object that validity check is passed through.
Step 105: respectively according to the object data of first object business object each described, generate described first object industry
The permission object of business object.
Wherein, described step 105 can be realized by following steps:
According to the rights attributes data in described object data, to its corresponding first object business object to target data
Operating right carry out processing operation, such as create, the operation to authority such as modification or distribution, to generate this first object business pair
The permission object of elephant.
A kind of generation method embodiment one of the permission object being provided from such scheme, the application, by determining
After the file path that user selects, obtain the object data of multiple business objects in this document path, and then each is right to this
Image data carries out validity check, and business object that is legal to validity check result or passing through is extracted or determined, that is,
For first object business object, thus each first object business object is executed with the Mass production of permission object, thus, obtain
The permission object of multiple business objects.The embodiment of the present application need not manually be carried out to the authority of each business object such as character object
Setting, obtains permission object, but by reading the object data under the file path of business object place, and then execute effectiveness
After inspection, the business object that validity check is passed through executes batch priority assignation, obtains permission object, not only reduces artificial
Operation, improves the accuracy rate of permission object, meanwhile, reduces operating process, the generation time shortening permission object is long, thus improving
The efficiency that permission object generates.
It should be noted that in the above-described embodiments, after the inspection result of each described object data gets, this Shen
Embodiment these inspection results please can be shown in screen, to user's reference, generate behaviour according to these inspection results simultaneously
Make diary, be easy to preserve.
With reference to Fig. 2, the reality of step 102 described in a kind of generation method embodiment two of the permission object providing for the application
Existing flow chart, wherein, described step 102 may comprise steps of realization:
Step 121: read the file physical pathway information corresponding with described file path.
Wherein, described file physical pathway information refers in the file pointed by described file path, each file
, in this document stove physical pathway, there is the business object literary composition that user selects write in corresponding physical pathway information in an operating system
Part.
Step 122: in the corresponding physical pathway of described file physical pathway information, obtain multiple business object files.
Wherein, after reading file physical pathway information in described step 121, in this document physical pathway information pair
In the physical pathway answered, obtain multiple business object files of user's write.
Step 123: read the object data in each described business object file respectively.
Wherein, directly corresponding business object can be read in each described business object file in described step 123
Object data.
It should be noted that in actual applications, user can be simultaneously written the data of (importing) multiple data template, will
The data of these data templates is put under a file, thus comes once to complete the permission object of business object as much as possible
Generation.Thus, under described file path during corresponding multiple data template, need the data template of business datum is united
One property conversion, as:
With reference to Fig. 3, a kind of flow chart of the generation method embodiment three of the permission object providing for the application, wherein,
After described step 102, before described step 103, methods described can also comprise the following steps:
Step 106: the data structure of described object data is converted to the data knot consistent with preset data structural model
Structure.
Wherein, described preset data structural model can be the data structuring model of a business object that is to say, that this Shen
Please embodiment by the data structure conversion operation of object data so that the object data of all of business object have same
Data structure.
It should be noted that above-mentioned object data can be excel file data etc..
With reference to Fig. 4, the reality of step 103 described in a kind of generation method example IV of the permission object providing for the application
Existing flow chart, wherein, described step 103 can include implemented below step:
Step 131: the object data of business object each described is carried out with the filter operation of preset characters.
Wherein, described preset characters can be line feed character, space character etc..Described step 131 is to described in each
In the object data of business object, the spcial character such as line feed character, space character carries out filtering the operation removed.
Step 132: according to described object data, identify the object's position of each described business object.
Specifically, in described step 132, the object's position of business object is identified referring to, determines that this business object is
No have multiple document locations that is to say, that whether this business object is cited in the file of two or unnecessary two.
Step 133: Authorization Attributes identification is carried out to the object data of business object each described, obtains each described business
The Authorization Attributes value of object.
Specifically, in described step 133 it is: to each business object, whether there is the operating right to data and examine
Look into.
Step 134: according to described object data, the business object that the first attributes object is belonged to each carry out its affiliated
The whether normal inspection operation of the Parameter File state of two attributes object, obtains the state inspection results of each business object.
Wherein, described first attributes object can taking local role's business object as a example, and described second attributes object is permissible
Taking general role business object as a example.For business object, it can be business object (first attribute pair of local role
As) or general role business object (the second attributes object, general role be sap erp project authority implementation section base
Plinth, general role exists as the masterplate of all permissions role, has general applicability and of overall importance, will not be in role
Each authority carries out the restriction of value range, and local role is then to derive from using the general role creating first to form, according to
Same general role derives the local role of each company of provinces and cities, and the permission object in local role has certain value range
Limit.
In described step 134, whether the Parameter File state of described second attributes object is normally carried out judging, obtains
State inspection results.When the business object Parameter File state that this inspection result shows the second attributes object is normal, show it
The business object of the first attributes object being created that is legal, and otherwise, the business object of this second attributes object can not derive
One attributes object, accordingly, this corresponding permission object of the first attribute cannot generate, or the permission object generating is inaccurate.
Step 135: according to default naming rule and described object data, the name information to business object each described
Checked, obtain naming inspection result.
Wherein, described naming rule can advance with configuration module for user and carries out self-defined, and this naming rule is pin
A set of Naming conventions to object oriented, such as, the Naming conventions of local role's business object are " bis- unit encoding+moulds of zl+
Grade encoding is numbered+organized to the business function of block name abbreviation+agreement ".Be in described step 135, according to this naming rule and
The name information of business object in described object data, carries out the detection of name information, is ordered to business object each described
Name inspection result.
Step 136: according to described object data, the business object belonging to the 3rd attributes object to each carries out its association the
Whether two attributes object quantity exceed the inspection of predetermined upper threshold value, obtain volume check result.
Wherein, described 3rd attributes object can be compound angle color business object, described compound role's business object be by
Several local role's business objects carry out composition and form.
Specifically, in described step 136 it is: to the local role's business object associated by compound role's business object
Whether quantity exceedes predetermined upper threshold value carries out inspection operation, obtains volume check result.
It should be noted that the maximum quantity higher limit that described predetermined upper threshold value can pre-set for user.
Wherein, the object's position of each described business object, Authorization Attributes value, state inspection results, name inspection result
And volume check result forms the inspection result of its corresponding business object.
Thus, the inspection result of described business object can be shown that whether the quantity of the object's position of this business object is two
Individual or more than two, whether this business object have operating right and its Authorization Attributes, be first in this business object to data
Whether the Parameter File state of the second attributes object belonging to during attributes object is normal, whether the name information of this business object closes
Whether method, the quantity of first attributes object associated when this business object is three attributes object are beyond upper limit threshold etc..
Wherein, each of above-mentioned steps 103 realizes step: the execution sequence in described step 131~described step 136 is not
It is defined in order as shown in Figure 4, the execution sequence that there is no need between each step, its each sequence of steps can be exchanged.
It should be noted that in described inspection result, when the result of above-mentioned any one is the result of negative property, its
The validity check of corresponding business object is not to be passed through, and on the contrary, this business object passes through its validity check.
Based on any one implementation in each embodiment above-mentioned, with reference to Fig. 5, a kind of permission object providing for the application
Generation method embodiment five flow chart, wherein, after described step 103, methods described can also comprise the following steps:
Step 107: according to described inspection result, determine the unsanctioned second target service object of its validity check.
Step 108: to the business datum of the second target service object each described according to user's revision directive of receiving
It is modified.
Wherein, after described inspection result gets, effectiveness user can be examined to these effectiveness according to demand
Look into unsanctioned second target service object to be selected, to determine the second target service pair that needs are modified or clear up
As thus, the revision directive needing the second target service object being modified is carried out operation and generates, in described step by user
In 108, it is modified according to the object data of these revision directives second target service object corresponding to this instruction or clears up
Operation, so that the object data of these the second target service objects meets the data check rule of validity check.
Step 109: the object data passing through, according to each, the second target service object revised respectively, generate described in each
The permission object of the second target service object.
Wherein, described step 109 can be realized by following steps:
According to the rights attributes data in the object data through revising, to its corresponding second target service object to mesh
The operating right of mark data is configured, and generates the permission object of this second target service object.
In the realization of each embodiment above-mentioned, after the priority assignation of finishing service object generates permission object, permissible
The various peration datas being related in permission object generating process are updated in corresponding Operation Log.
With reference to Fig. 6, a kind of structural representation of the generating means embodiment six of the permission object providing for the application, its
In, described device can apply to, in large enterprise's management software sap erp enforcement project, generally require to big in these projects
The character object of batch carries out the setting of authority, to generate permission object.In the embodiment of the present application, described device can include
Implemented below structure:
Path determining unit 601, for determining the file path of business object file.
Wherein, described file path can be pre-selected the upload path being provided with for user.
Object data acquiring unit 602, for obtaining the object data of multiple business objects in described file path.
Wherein, described file path can point to multiple files, the file path of the corresponding physics of each file,
With the business object file needing to generate permission object being written in fixing data template, the embodiment of the present application is passed through
After determining described file path, read the object data of multiple business objects in this document path.
Data Check Unit 603, for according to default data check rule, the number of objects to business object each described
According to carrying out validity check, obtain the inspection result of each described business object.
It should be noted that described validity check refers to, the character of described business object, position, name, authority are belonged to
Property and the association project such as transformation checked, check whether each project meets default data check specified by rules
Content, such as whether subsequent operation etc. can be carried out as priority assignation object, to obtain the testing result of each business object, should
Testing result shows whether the validity check of its corresponding business object is passed through.
First object determining unit 604, for according to described inspection result, determining the first mesh that its validity check is passed through
Mark business object.
From hereinbefore, described inspection result shows whether its corresponding business object passes through validity check, described
In first object determining unit 604, according to the testing result of each business object, determine each business object whether by effectively
Property check, thus, determine the first object business object that validity check is passed through.
First object generation unit 605, for respectively according to the object data of first object business object each described, raw
Become the permission object of described first object business object.
Wherein, described first object generation unit 605 can be accomplished by:
According to the rights attributes data in described object data, to its corresponding first object business object to target data
Operating right carry out processing operation, such as create, the operation to authority such as modification or distribution, to generate this first object business pair
The permission object of elephant.
A kind of generating means embodiment six of the permission object being provided from such scheme, the application, by determining
After the file path that user selects, obtain the object data of multiple business objects in this document path, and then each is right to this
Image data carries out validity check, and business object that is legal to validity check result or passing through is extracted or determined, that is,
For first object business object, thus each first object business object is executed with the Mass production of permission object, thus, obtain
The permission object of multiple business objects.The embodiment of the present application need not manually be carried out to the authority of each business object such as character object
Setting, obtains permission object, but, by reading the object data under the file path of business object place, and then execute effectively
Property check after, business object that validity check is passed through execution batch priority assignation, obtain permission object, not only reduce people
Work operates, and improves the accuracy rate of permission object, meanwhile, reduces operating process, the generation time shortening permission object is long, thus carrying
The efficiency that high permission object generates.
It should be noted that in the above-described embodiments, after the inspection result of each described object data gets, this Shen
Embodiment these inspection results please can be shown in screen, to user's reference, generate behaviour according to these inspection results simultaneously
Make diary, be easy to preserve.
With reference to Fig. 7, described in a kind of generating means embodiment of the permission object providing for the application, object data obtains
The structural representation of unit 602, wherein, described object data acquiring unit 602 may include that
Subelement 621 is read in path, for reading the file physical pathway information corresponding with described file path.
Wherein, described file physical pathway information refers in the file pointed by described file path, each file
, in this document stove physical pathway, there is the business object literary composition that user selects write in corresponding physical pathway information in an operating system
Part.
File acquisition subelement 622, for, in the corresponding physical pathway of described file physical pathway information, obtaining multiple
Business object file.
Wherein, after reading file physical pathway information in described file acquisition subelement 622, in this document physics
In the corresponding physical pathway of routing information, obtain multiple business object files of user's write.
Digital independent subelement 623, for reading the object data in each described business object file respectively.
Wherein, described digital independent subelement 623 directly can read corresponding industry in each described business object file
The object data of business object.
It should be noted that in actual applications, user can be simultaneously written the data of (importing) multiple data template, will
The data of these data templates is put under a file, thus comes once to complete the permission object of business object as much as possible
Generation.Thus, under described file path during corresponding multiple data template, need the data template of business datum is united
One property conversion, as:
With reference to Fig. 8, a kind of structural representation of the generating means embodiment eight of the permission object providing for the application, its
In, described device can also include following structure:
Data structure converting unit 606 is many in described file path for obtaining in described object data acquiring unit 602
After the object data of individual business object, in described Data Check Unit 603 according to default Data Detection rule to each institute
State business object object data carry out validity check before, the data structure of described object data is converted to and present count
According to the data structure that structural model is consistent.
Wherein, described preset data structural model can be the data structuring model of a business object that is to say, that this Shen
Please embodiment by the data structure conversion operation of object data so that the object data of all of business object have same
Data structure.
It should be noted that above-mentioned object data can be excel file data etc..
With reference to Fig. 9, data check list described in a kind of generating means embodiment nine of the permission object providing for the application
The structural representation of unit 603, wherein, described Data Check Unit 603 may include that
Character filtering subelement 631, for carrying out the filter operation of preset characters to the object data of each business object.
Wherein, described preset characters can be line feed character, space character etc..Described character filtering subelement 631 is
The spcial character such as line feed character, space character in the object data of business object each described is carried out filter the operation removed.
Location recognition subelement 632, for according to described object data, identifying the object position of each described business object
Put.
Specifically, in described location recognition subelement 632, the object's position of business object is identified referring to, determining should
Business object whether has multiple document locations that is to say, that whether this business object is in the file of two or unnecessary two
It is cited.
Authority recognition subelement 633, for carrying out Authorization Attributes identification to the object data of business object each described, obtains
Authorization Attributes value to business object each described.
Specifically, described authority recognition subelement 633 specifically for: to each business object, whether there is the behaviour to data
Checked as authority.
Parameter testing subelement 634, for according to described object data, belonging to the business pair of the first attributes object to each
The whether normal inspection operation of Parameter File state as carrying out its affiliated second attributes object, obtains the shape of each business object
State inspection result.
Wherein, described first attributes object can taking local role's business object as a example, and described second attributes object is permissible
Taking general role business object as a example.For business object, it can be business object (first attribute pair of local role
As) or general role business object (the second attributes object), general role be sap erp project authority implementation section base
Plinth, general role exists as the masterplate of all permissions role, has general applicability and of overall importance, will not be in role
Each authority carries out the restriction of value range, and local role is then to derive from using the general role creating first to form, according to
Same general role derives the local role of each company of provinces and cities, and the permission object in local role has certain value range
Limit.
In described parameter testing subelement 634, whether the Parameter File state of described second attributes object is normally entered
Row judges, obtains state inspection results.The business object Parameter File state showing the second attributes object in this inspection result is just
Chang Shi, shows that the business object of its first attributes object being created that is legal, otherwise, the business object of this second attributes object is not
The first attributes object can be derived, accordingly, this corresponding permission object of the first attribute cannot generate, or the permission object generating
Inaccurate.
Name checks subelement 635, for according to default naming rule and described object data, to business each described
The name information of object is checked, obtains naming testing result.
Wherein, described naming rule can advance with configuration module for user and carries out self-defined, and this naming rule is pin
A set of Naming conventions to object oriented, such as, the Naming conventions of local role's business object are " bis- unit encoding+moulds of zl+
Grade encoding is numbered+organized to the business function of block name abbreviation+agreement ".Described name checks that subelement 635 is, according to this life
Name is regular and described object data in business object name information, business object each described is carried out with the inspection of name information
Survey, obtain naming inspection result.
Volume check subelement 636, for according to described object data, belonging to the business pair of the 3rd attributes object to each
Whether exceed the inspection operation of predetermined upper threshold value as carrying out its association first attributes object quantity, obtain volume check result.
Wherein, described 3rd attributes object can be compound angle color business object, described compound role's business object be by
Several local role's business objects carry out composition and form.
Specifically, described volume check subelement 636 specifically for: to this ditch associated by compound role's business object
Whether the quantity of color business object exceedes predetermined upper threshold value carries out inspection operation, obtains volume check result.
It should be noted that the maximum quantity higher limit that described predetermined upper threshold value can pre-set for user.
Wherein, the object's position of each described business object, Authorization Attributes value, state inspection results, name inspection result
And quantity testing result forms the inspection result of its corresponding business object.
Thus, the inspection result of described business object can be shown that whether the quantity of the object's position of this business object is two
Individual or more than two, whether this business object have operating right and its Authorization Attributes, be first in this business object to data
Whether the Parameter File state of the second attributes object belonging to during attributes object is normal, whether the name information of this business object closes
Whether method, the quantity of first attributes object associated when this business object is three attributes object are beyond upper limit threshold etc..
It should be noted that in described inspection result, when the result of above-mentioned any one is the result of negative property, its
The validity check of corresponding business object is not to be passed through, and on the contrary, this business object passes through its validity check.
Based on any one implementation in each embodiment above-mentioned, with reference to Figure 10, a kind of authority pair providing for the application
The structural representation of the generating means embodiment ten of elephant, wherein, described device can also include following structure:
Second object determining unit 607, for obtaining the inspection of each described business object in described Data Check Unit 603
Come to an end after fruit, according to described inspection result, determine the unsanctioned second target service object of its validity check;
Data correction unit 608, for the business datum of the second target service object each described according to receiving
User's revision directive is modified.
Wherein, after described inspection result gets, effectiveness user can be examined to these effectiveness according to demand
Look into unsanctioned second target service object to be selected, to determine the second target service pair that needs are modified or clear up
As thus, the revision directive needing the second target service object being modified is carried out operation and generates, in described data by user
In amending unit 608, the object data according to these revision directives second target service object corresponding to this instruction is repaiied
Just or cleaning operation, so that the object data of these the second target service objects meets the data check rule of validity check
Then.
Second object generation unit 609, for passing through the object of the second target service object revised according to each respectively
Data, generates the permission object of each described second target service object.
Wherein, described second object generation unit 609 can be accomplished by:
According to the rights attributes data in the object data through revising, to its corresponding second target service object to mesh
The operating right of mark data is configured, and generates the permission object of this second target service object.
In the realization of each embodiment above-mentioned, after the priority assignation of finishing service object generates permission object, permissible
The various peration datas being related in permission object generating process are updated in corresponding Operation Log.
It should be noted that each embodiment in this specification is all described by the way of going forward one by one, each embodiment weight
Point explanation is all difference with other embodiment, between each embodiment identical similar partly mutually referring to.
Last in addition it is also necessary to explanation, herein, such as first and second or the like relational terms be used merely to by
One entity or operation are made a distinction with another entity or operation, and not necessarily require or imply these entities or operation
Between there is any this actual relation or order.And, term " inclusion ", "comprising" or its any other variant meaning
Covering comprising of nonexcludability, so that including a series of process of key elements, method, article or equipment not only include that
A little key elements, but also include other key elements being not expressly set out, or also include for this process, method, article or
The intrinsic key element of equipment.In the absence of more restrictions, the key element being limited by sentence "including a ...", does not arrange
Remove and also there is other identical element in the process including described key element, method, article or equipment.
Above a kind of generation method and device of permission object provided herein is described in detail, herein
Apply specific case the principle of the application and embodiment are set forth, the explanation of above example is only intended to help
Understand the present processes and its core concept;Simultaneously for one of ordinary skill in the art, according to the thought of the application,
All will change in specific embodiments and applications, in sum, this specification content should not be construed as to this
The restriction of application.
Claims (10)
1. a kind of generation method of permission object is it is characterised in that methods described includes:
Determine the file path of business object file;
Obtain the object data of multiple business objects in described file path;
According to default data check rule, validity check is carried out to the object data of business object each described, obtain every
The inspection result of individual described business object;
According to described inspection result, determine the first object business object that its validity check is passed through;
Respectively according to the object data of first object business object each described, generate the authority of described first object business object
Object.
2. method according to claim 1 is it is characterised in that multiple business objects in the described file path of described acquisition
Object data, comprising:
Read the file physical pathway information corresponding with described file path;
In the corresponding physical pathway of described file physical pathway information, obtain multiple business object files;
Read the object data in each described business object file respectively.
3. method according to claim 1 and 2 is it is characterised in that obtain multiple business in described file path described
After the object data of object, according to default Data Detection rule, the object data of business object each described is being had
Before effect property checks, methods described also includes:
The data structure of described object data is converted to the data structure consistent with preset data structural model.
4. method according to claim 1 it is characterised in that described according to default data check rule, to each institute
The object data stating business object carries out validity check, obtains the inspection result of each described business object, comprising:
The filter operation of preset characters is carried out to the object data of business object each described;
According to described object data, identify the object's position of each described business object;
Authorization Attributes identification is carried out to the object data of business object each described, the authority obtaining each described business object belongs to
Property value;
According to described object data, the business object belonging to the first attributes object to each carries out its affiliated second attributes object
The whether normal inspection operation of Parameter File state, obtains the state inspection results of each business object;
According to default naming rule and described object data, the name information of business object each described is checked, obtains
To name inspection result;
According to described object data, the business object belonging to the 3rd attributes object to each carries out it and associates the first attributes object number
Whether amount exceedes the inspection operation of predetermined upper threshold value, obtains volume check result, wherein, the object of each described business object
Position, Authorization Attributes value, state inspection results, name inspection result and volume check result form the inspection of its corresponding business object
Come to an end fruit.
5. the method according to claim 1,2 or 4 is it is characterised in that in the described inspection obtaining each described business object
Come to an end after fruit, methods described also includes:
According to described inspection result, determine the unsanctioned second target service object of its validity check;
The business datum of the second target service object each described is modified according to the user's revision directive receiving;
The object data passing through, according to each, the second target service object revised respectively, generates each described second target service
The permission object of object.
6. a kind of generating means of permission object are it is characterised in that include:
Path determining unit, for determining the file path of business object file;
Object data acquiring unit, for obtaining the object data of multiple business objects in described file path;
Data Check Unit, for according to default data check rule, carrying out to the object data of business object each described
Validity check, obtains the inspection result of each described business object;
First object determining unit, for according to described inspection result, determining the first object business that its validity check is passed through
Object;
First object generation unit, according to the object data of first object business object each described, generates described for respectively
The permission object of first object business object.
7. device according to claim 6 is it is characterised in that described object data acquiring unit includes:
Subelement is read in path, for reading the file physical pathway information corresponding with described file path;
File acquisition subelement, for, in the corresponding physical pathway of described file physical pathway information, obtaining multiple business pair
As file;
Digital independent subelement, for reading the object data in each described business object file respectively.
8. the device according to claim 6 or 7 is it is characterised in that also include:
Data structure converting unit, for obtaining multiple business objects in described file path in described object data acquiring unit
Object data after, described Data Check Unit according to default Data Detection rule to each described business object right
Before image data carries out validity check, the data structure of described object data is converted to consistent with preset data structural model
Data structure.
9. device according to claim 6 is it is characterised in that described Data Check Unit includes:
Character filtering subelement, for carrying out the filter operation of preset characters to the object data of each business object;
Location recognition subelement, for according to described object data, identifying the object's position of each described business object;
Authority recognition subelement, for carrying out Authorization Attributes identification to the object data of business object each described, obtains each
The Authorization Attributes value of described business object;
Parameter testing subelement, for according to described object data, the business object belonging to the first attributes object to each is carried out
The whether normal inspection operation of the Parameter File state of its affiliated second attributes object, obtains the status checkout of each business object
Result;
Name checks subelement, for according to default naming rule and described object data, to business object each described
Name information is checked, obtains naming testing result;
Volume check subelement, for according to described object data, the business object belonging to the 3rd attributes object to each is carried out
Whether its association the first attributes object quantity exceedes the inspection operation of predetermined upper threshold value, obtains volume check result;
Wherein, the object's position of each described business object, Authorization Attributes value, state inspection results, name inspection result and number
Amount testing result forms the inspection result of its corresponding business object.
10. the device according to claim 6,7 or 9 is it is characterised in that also include:
Second object determining unit, for obtain in described Data Check Unit each described business object inspection result it
Afterwards, according to described inspection result, determine the unsanctioned second target service object of its validity check;
Data correction unit, for revising according to the user that receives to the business datum of the second target service object each described
Instruction is modified;
Second object generation unit, for passing through the object data of the second target service object revised according to each respectively, raw
Become the permission object of each described second target service object.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410101374.2A CN103810408B (en) | 2014-03-18 | 2014-03-18 | Method and device for generating permission object |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410101374.2A CN103810408B (en) | 2014-03-18 | 2014-03-18 | Method and device for generating permission object |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103810408A CN103810408A (en) | 2014-05-21 |
| CN103810408B true CN103810408B (en) | 2017-01-25 |
Family
ID=50707167
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410101374.2A Active CN103810408B (en) | 2014-03-18 | 2014-03-18 | Method and device for generating permission object |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103810408B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106991103B (en) * | 2016-01-21 | 2020-07-28 | 北京四维图新科技股份有限公司 | Navigation data file checking method and engine system |
| CN106326352A (en) * | 2016-08-08 | 2017-01-11 | 歌尔股份有限公司 | Universal interface design method and system in butt joint with plurality of service systems |
| CN111368266A (en) * | 2020-03-16 | 2020-07-03 | 北京三快在线科技有限公司 | Authority configuration method, device, equipment and storage medium |
| CN112183031B (en) * | 2020-10-16 | 2023-08-01 | 卓尔智联(武汉)研究院有限公司 | Text processing method and device and electronic equipment |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102222193A (en) * | 2011-06-28 | 2011-10-19 | 用友软件股份有限公司 | Data permission setting device and data permission setting method |
| CN102446258A (en) * | 2010-10-09 | 2012-05-09 | 金蝶软件(中国)有限公司 | Attachment authority type expansion method and device and system adopting same |
| CN103377346A (en) * | 2012-04-12 | 2013-10-30 | 金蝶软件(中国)有限公司 | Attachment management method and system |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR100823279B1 (en) * | 2006-09-04 | 2008-04-18 | 삼성전자주식회사 | Method for generating rights object by authority recommitment |
| US8832856B2 (en) * | 2012-05-09 | 2014-09-09 | Sap Ag | Authority delegation for business objects |
-
2014
- 2014-03-18 CN CN201410101374.2A patent/CN103810408B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102446258A (en) * | 2010-10-09 | 2012-05-09 | 金蝶软件(中国)有限公司 | Attachment authority type expansion method and device and system adopting same |
| CN102222193A (en) * | 2011-06-28 | 2011-10-19 | 用友软件股份有限公司 | Data permission setting device and data permission setting method |
| CN103377346A (en) * | 2012-04-12 | 2013-10-30 | 金蝶软件(中国)有限公司 | Attachment management method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103810408A (en) | 2014-05-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108921166A (en) | Medical bill class text detection recognition method and system based on deep neural network | |
| US8566903B2 (en) | Enterprise evidence repository providing access control to collected artifacts | |
| CN103810408B (en) | Method and device for generating permission object | |
| CN106104592A (en) | Map band key entity attributes | |
| CN108830554B (en) | Task model-based intelligent detection method and system for data result information quality | |
| CN106909566A (en) | A kind of Data Modeling Method and equipment | |
| CN103365777B (en) | A kind of method for generating test case and system | |
| CN105224610A (en) | The method and apparatus that a kind of address is compared | |
| CN107977504B (en) | Asymmetric reactor core fuel management calculation method and device and terminal equipment | |
| CN109690571A (en) | Group echo system and method based on study | |
| CN106557307A (en) | The processing method and processing system of business datum | |
| CN108009444A (en) | Authority control method, device and the computer-readable recording medium of full-text search | |
| CN105843605B (en) | A kind of data mapping method and device | |
| CN107067276A (en) | Determine the method and device of object influences power | |
| CN107025214B (en) | Data processing method and device | |
| CN102707938A (en) | Table-form software specification manufacturing and supporting method and device | |
| CN115577983B (en) | Enterprise task matching method based on block chain, server and storage medium | |
| CN116257922A (en) | Coding method, device, terminal equipment and medium of water conservancy facility model | |
| CN106897859A (en) | Process control and system certification system and method based on management regulation | |
| CN115797104A (en) | Multi-path informatization identification method for business expansion installation | |
| JP2011232874A (en) | Method and device for information security management supporting | |
| CN115526594A (en) | Method, device, equipment and medium for detecting implementation situation of planning control requirement | |
| CN104408316B (en) | Sino-U.S.'s Geotechnical Engineering classification of soils standard handovers device and method | |
| CN105844176A (en) | Security strategy generation method and equipment | |
| US9141734B2 (en) | System and method of refining a topological indexed mesh |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: BEIJING ZHONGDIAN PUHUA INFORMATION TECHNOLOGY CO. Free format text: FORMER OWNER: STATE GRID CORPORATION OF CHINA Effective date: 20141205 Owner name: STATE GRID CORPORATION OF CHINA Free format text: FORMER OWNER: BEIJING ZHONGDIAN PUHUA INFORMATION TECHNOLOGY CO., LTD. Effective date: 20141205 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 100000 HAIDIAN, BEIJING TO: 100031 XICHENG, BEIJING |
|
| TA01 | Transfer of patent application right |
Effective date of registration: 20141205 Address after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing Applicant after: State Grid Corporation of China Applicant after: Beijing China Power Information Technology Co., Ltd. Applicant after: INFORMATION COMMUNICATION COMPANY, STATE GRID NINGXIA ELECTRIC POWER CO., LTD. Address before: 100000 Beijing city Haidian District Qinghe small Camp Road No. 15 Applicant before: Beijing China Power Information Technology Co., Ltd. Applicant before: State Grid Corporation of China |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |