CN106650399A - Processing method and device for user access permissions - Google Patents

Publication number
CN106650399A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510729557.3A
Other languages
Chinese (zh)
Inventor
陈改静
张运
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Gridsum Technology Co Ltd
Original Assignee
Beijing Gridsum Technology Co Ltd
Application filed by Beijing Gridsum Technology Co Ltd
Priority to CN201510729557.3A
Publication of CN106650399A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/41 User authentication where a single sign-on provides access to a plurality of computers
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention discloses a processing method and device for user access permissions. The method comprises: detecting whether the current login account on a single sign-on system is an administrator account, where the single sign-on system is used to process the user access permissions corresponding to multiple applications; and, if the detection result is that the current login account on the single sign-on system is the administrator account, the current login account processing the user access permissions corresponding to the multiple applications by using the single sign-on system. The method and device solve the technical problem in the related art that the management process is cumbersome because the single sign-on system cannot manage the applications in a unified manner.

Description

Processing method and device for user access permissions
Technical Field
The present invention relates to the Internet field, and in particular to a processing method and device for user access permissions.
Background
At present, a single sign-on system can be associated with multiple applications (including websites and software tools); in other words, multiple applications can be logged into or out of through the same single sign-on system. Taking multiple websites as an example, however, although they can be logged into or out of through the single sign-on system, the user access permissions of each website can only be managed by that website itself, and for users who log in to a website through the single sign-on system, it is unknown which users have access permission to which websites.
That is, the related art has the following drawbacks: the user access permissions of each application are managed by that application itself, so modifying a user access permission requires operating in the corresponding application, which makes the process cumbersome; moreover, a user cannot check through the single sign-on system which websites they have access permission to.
No effective solution to the above problems has yet been proposed.
Summary of the Invention
Embodiments of the present invention provide a processing method and device for user access permissions, to at least solve the technical problem in the related art that the management process is cumbersome because the single sign-on system cannot manage these applications in a unified manner.
According to one aspect of the embodiments of the present invention, a processing method for user access permissions is provided, including: detecting whether the current login account on a single sign-on system is an administrator account, where the single sign-on system is used to process the user access permissions corresponding to multiple applications; and, if the detection result is that the current login account on the single sign-on system is the administrator account, the current login account using the single sign-on system to process the user access permissions corresponding to the multiple applications.
Further, the current login account using the single sign-on system to process the user access permissions corresponding to the multiple applications includes at least one of the following: the current login account uses the single sign-on system to view a specified user's user access permissions to the multiple applications; the current login account uses the single sign-on system to add a specified user's user access permission to a corresponding application among the multiple applications; the current login account uses the single sign-on system to delete a specified user's user access permission to a corresponding application among the multiple applications.
Further, using the single sign-on system to view a specified user's user access permissions to the multiple applications includes: receiving a permission viewing request through the single sign-on system, where the permission viewing request indicates that a specified user's user access permissions to the multiple applications are to be viewed; returning a permission viewing result according to the permission viewing request; and viewing the specified user's user access permissions to the multiple applications according to the returned permission viewing result.
Further, using the single sign-on system to add a specified user's user access permission to a corresponding application among the multiple applications includes: receiving a permission addition request through the single sign-on system, where the permission addition request indicates that a specified user's user access permission to a corresponding application among the multiple applications is to be added; calling the permission addition interface of the corresponding application among the multiple applications according to the permission addition request; and adding, through the permission addition interface, the specified user's user access permission to the corresponding application.
Further, using the single sign-on system to delete a specified user's user access permission to a corresponding application among the multiple applications includes: receiving a permission deletion request through the single sign-on system, where the permission deletion request indicates that a specified user's user access permission to a corresponding application among the multiple applications is to be deleted; calling the permission deletion interface of the corresponding application among the multiple applications according to the permission deletion request; and deleting, through the permission deletion interface, the specified user's user access permission to the corresponding application.
According to another aspect of the embodiments of the present invention, a processing device for user access permissions is also provided, including: a detection unit, configured to detect whether the current login account on a single sign-on system is an administrator account, where the single sign-on system is used to process the user access permissions corresponding to multiple applications; and a processing unit, configured so that, if the detection result is that the current login account on the single sign-on system is the administrator account, the current login account uses the single sign-on system to process the user access permissions corresponding to the multiple applications.
Further, the processing unit includes at least one of the following: a viewing module, with which the current login account uses the single sign-on system to view a specified user's user access permissions to the multiple applications; an addition module, with which the current login account uses the single sign-on system to add a specified user's user access permission to a corresponding application among the multiple applications; a deletion module, with which the current login account uses the single sign-on system to delete a specified user's user access permission to a corresponding application among the multiple applications.
Further, the viewing module includes: a first receiving submodule, configured to receive a permission viewing request through the single sign-on system, where the permission viewing request indicates that a specified user's user access permissions to the multiple applications are to be viewed; a response submodule, configured to return a permission viewing result according to the permission viewing request; and a viewing submodule, configured to view the specified user's user access permissions to the multiple applications according to the returned permission viewing result.
Further, the addition module includes: a second receiving submodule, configured to receive a permission addition request through the single sign-on system, where the permission addition request indicates that a specified user's user access permission to a corresponding application among the multiple applications is to be added; a first calling submodule, configured to call the permission addition interface of the corresponding application among the multiple applications according to the permission addition request; and an addition submodule, configured to add, through the permission addition interface, the specified user's user access permission to the corresponding application.
Further, the deletion module includes: a third receiving submodule, configured to receive a permission deletion request through the single sign-on system, where the permission deletion request indicates that a specified user's user access permission to a corresponding application among the multiple applications is to be deleted; a second calling submodule, configured to call the permission deletion interface of the corresponding application among the multiple applications according to the permission deletion request; and a deletion submodule, configured to delete, through the permission deletion interface, the specified user's user access permission to the corresponding application.
In the embodiments of the present invention, multiple different applications are managed in a unified manner through the single sign-on system: whether the current login account on the single sign-on system is an administrator account is detected, where the single sign-on system is used to process the user access permissions corresponding to multiple applications; and, if the detection result is that the current login account on the single sign-on system is the administrator account, the current login account uses the single sign-on system to process the user access permissions corresponding to the multiple applications. This achieves the purpose of managing multiple different applications in a unified manner through the single sign-on system, thereby achieving the technical effect of simplifying the management process and solving the technical problem in the related art that the management process is cumbersome because the single sign-on system cannot manage these applications in a unified manner.
Brief Description of the Drawings
The accompanying drawings described here are provided for a further understanding of the present invention and form a part of this application. The exemplary embodiments of the present invention and their descriptions are used to explain the present invention and do not unduly limit it. In the drawings:
Fig. 1 is a flowchart of an optional processing method for user access permissions according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of an optional processing device for user access permissions according to an embodiment of the present invention.
Detailed Description
To enable those skilled in the art to better understand the solution of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings of the embodiments. The described embodiments are obviously only some, rather than all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort shall fall within the scope of protection of the present invention.
It should be noted that the terms "first", "second" and the like in the description, the claims and the above drawings are used to distinguish similar objects and not to describe a specific order or sequence. It should be understood that data so used are interchangeable where appropriate, so that the embodiments of the present invention described here can be implemented in orders other than those illustrated or described here. In addition, the terms "include" and "have" and any variants of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
Embodiment 1
According to an embodiment of the present invention, a method embodiment of a processing method for user access permissions is provided. It should be noted that the steps illustrated in the flowchart of the drawings can be executed in a computer system, for example as a set of computer-executable instructions, and that, although a logical order is shown in the flowchart, in some cases the steps shown or described can be executed in an order different from the one given here.
Fig. 1 is a flowchart of an optional processing method for user access permissions according to an embodiment of the present invention. As shown in Fig. 1, the method includes the following steps:
Step S102: detect whether the current login account on the single sign-on system is an administrator account, where the single sign-on system is used to process the user access permissions corresponding to multiple applications;
Step S104: if the detection result is that the current login account on the single sign-on system is the administrator account, the current login account uses the single sign-on system to process the user access permissions corresponding to the multiple applications.
In implementation, the single sign-on system stores in advance the relevant information (i.e. the product information) of the applications to be managed (including but not limited to websites and software tools), and generates a unique ID for each application so that different applications can be distinguished. The product information includes the product's name, website address and product interface address. Through the product interface address, the application's permission addition interface for adding user permissions, its permission deletion interface for deleting user permissions, its permission viewing interface for viewing user permissions, and so on can be found. In addition, the single sign-on system generates a unique ID for each user so that different users can be distinguished.
It should be noted that, for ease of management, generally not all users of the system have identical permissions. In this case, the single sign-on system divides users into ordinary users and administrator users and grants each the corresponding permissions. For example, the single sign-on system sets up a super permission specifically for administrator users and issues the administrator users and their permission information to each application, so that administrator users are able to view the user permissions of all users, to view for each application the users with and without permission, and to add or delete a user's access permission to a specified application.
Specifically, to manage the permissions of the applications, a user must log in to the single sign-on system with an administrator account. After the system detects that the current account is an administrator account, it considers the user to have management permission and displays the application permission management page to the user, so that the current user can view the permission information of all users and can view, for each application, the users with and without permission. If the current account is detected not to be an administrator account, i.e. the current user does not meet the super permission requirement, the application permission management page is hidden, so that the current user cannot view the permission information of all users, nor view the users with and without permission for each application. However, when the current user logs in to the single sign-on system with an ordinary account, the system returns the list of applications the current user has permission for and displays it on the user profile page.
Through this embodiment of the present invention, multiple different applications are managed in a unified manner through the single sign-on system, so that the same user can be associated with multiple different website products at the same time, the list of associated products can be viewed, and product permissions can be managed in a unified manner. This achieves the purpose of managing multiple different applications in a unified manner through the single sign-on system, thereby achieving the technical effect of simplifying the management process and solving the technical problem in the related art that the management process is cumbersome because the single sign-on system cannot manage these applications in a unified manner.
Optionally, the current login account using the single sign-on system to process the user access permissions corresponding to the multiple applications includes at least one of the following:
S2: the current login account uses the single sign-on system to view a specified user's user access permissions to the multiple applications;
S4: the current login account uses the single sign-on system to add a specified user's user access permission to a corresponding application among the multiple applications;
S6: the current login account uses the single sign-on system to delete a specified user's user access permission to a corresponding application among the multiple applications.
Compared with the related art, with the technical solution provided by this embodiment of the present invention, viewing, adding and deleting operations on one or more specified applications need not be performed in each application separately. Multiple applications are operated from one system, which avoids the trouble of switching back and forth between applications, simplifies the procedure and improves operating efficiency.
Optionally, using the single sign-on system to view a specified user's user access permissions to the multiple applications includes:
S8: receive a permission viewing request through the single sign-on system, where the permission viewing request indicates that a specified user's user access permissions to the multiple applications are to be viewed;
S10: return a permission viewing result according to the permission viewing request;
S12: view the specified user's user access permissions to the multiple applications according to the returned permission viewing result.
In implementation, when the current user accesses the application permission management page, the single sign-on system loads the permission list of all users; the current user can select a specified user from the list and view the applications that the specified user has permission for. After the single sign-on system receives the permission viewing request for the applications that the specified user has permission for, it returns to the page the list of applications the specified user has permission for and the list of applications the specified user has no permission for, for the current user to view.
Through this embodiment of the present invention, permission viewing operations on multiple applications can be performed from one system login, which avoids the complicated operation and low efficiency of viewing permissions in each application separately. Further, providing this permission viewing prevents subsequent modification operations (such as permission addition and permission deletion operations) from becoming invalid operations.
Optionally, using the single sign-on system to add a specified user's user access permission to a corresponding application among the multiple applications includes:
S14: receive a permission addition request through the single sign-on system, where the permission addition request indicates that a specified user's user access permission to a corresponding application among the multiple applications is to be added;
S16: call the permission addition interface of the corresponding application among the multiple applications according to the permission addition request;
S18: add, through the permission addition interface, the specified user's user access permission to the corresponding application.
In implementation, to add a user permission for a specified user, an application can be selected from the returned list of applications without permission, and clicking the add button sends a permission addition request for adding the user permission. After receiving the user's permission addition request, the single sign-on system obtains the user information of the specified user, including the user's name and the user's unique ID, obtains the relevant information of the selected application, and then calls the selected application's permission addition interface according to that information, passing the specified user's ID and other user information, together with the user information of the currently logged-in user, to the selected application. The application verifies the permission of the currently logged-in user and, once verification passes, imports the relevant information of the specified user into the application. After the permission addition interface call succeeds, the single sign-on system adds the association between the specified user and the selected application and stores the specified user's number and the selected application's number in the association table. After the specified user's user permission for the selected application has been added successfully, the single sign-on system returns to the page the lists of applications with and without permission as they stand after the addition.
Further, if the single sign-on system fails to transmit the user information through the permission addition interface, it returns a prompt message to the page; if adding the association between the selected application and the specified user fails, it likewise returns a prompt message to the page.
Through this embodiment of the present invention, permission addition operations on multiple applications can be performed from one system login, which avoids the complicated operation and low efficiency of adding permissions in each application separately. Further, providing this permission addition increases the flexibility of permission settings.
Optionally, using the single sign-on system to delete a specified user's user access permission to a corresponding application among the multiple applications includes:
S20: receive a permission deletion request through the single sign-on system, where the permission deletion request indicates that a specified user's user access permission to a corresponding application among the multiple applications is to be deleted;
S22: call the permission deletion interface of the corresponding application among the multiple applications according to the permission deletion request;
S24: delete, through the permission deletion interface, the specified user's user access permission to the corresponding application.
In implementation, to delete a user permission of a specified user, an application is selected from the returned list of applications without permission, and clicking the delete button sends a permission deletion request for deleting the user permission. After receiving the user's permission deletion request, the single sign-on system obtains the user information of the specified user, including the user's name and the user's unique ID, obtains the relevant information of the selected application, and then calls the selected application's permission deletion interface according to that information, passing the specified user's ID and other user information, together with the user information of the currently logged-in user, to the selected application. The application verifies the permission of the currently logged-in user and, once verification passes, deletes the relevant information of the specified user from the application's user information table. After the permission addition interface call succeeds, the single sign-on system deletes the association between the specified user and the selected application. After the specified user's user permission for the selected application has been deleted successfully, the single sign-on system returns to the page the lists of applications with and without permission as they stand after the deletion.
Further, if the single sign-on system fails to delete the user information through the permission deletion interface, it returns a prompt message to the page; if deleting the association between the selected application and the specified user fails, it likewise returns a prompt message to the page.
Through this embodiment of the present invention, permission deletion operations on multiple applications can be performed from one system login, which avoids the complicated operation and low efficiency of deleting permissions in each application separately. Further, providing this permission deletion increases the flexibility of permission settings.
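The flow of Embodiment 1 (the S102 administrator check and steps S8 to S24) in Python, as an added example that is not part of the patent text. All class, method and ID names and the sample applications are constructed for illustration; the administrator check is enforced on every request, and the association table is updated only after the application's own interface call succeeds.

```python
from dataclasses import dataclass, field


class Denied(Exception):
    """Operator is not an administrator, or an application rejected the call."""


@dataclass
class App:
    """Constructed stand-in for one registered application.

    Its permission interfaces are plain methods here so the example runs
    offline; the interface address is sample data and is never contacted.
    """
    app_id: str
    name: str
    interface_address: str
    trusted_admin_ids: set                      # admin info issued by the SSO system
    users: set = field(default_factory=set)     # the application's own user table
    reachable: bool = True                      # set False to simulate a failure

    def _verify(self, operator_id):
        if not self.reachable:
            raise ConnectionError(f"{self.name}: permission interface unreachable")
        # The application verifies the logged-in operator itself.
        if operator_id not in self.trusted_admin_ids:
            raise Denied(f"{self.name}: {operator_id} is not an administrator")

    def add_permission(self, operator_id, user_id):
        self._verify(operator_id)
        self.users.add(user_id)

    def delete_permission(self, operator_id, user_id):
        self._verify(operator_id)
        self.users.discard(user_id)


class SsoPermissionHub:
    def __init__(self, admin_ids, apps):
        self.admin_ids = set(admin_ids)
        self.apps = {app.app_id: app for app in apps}
        self.associations = set()               # association table: (user_id, app_id)

    def _require_admin(self, operator_id):
        # S102, enforced on every request rather than only by hiding the page.
        if operator_id not in self.admin_ids:
            raise Denied(f"{operator_id} is not an administrator account")

    def own_apps(self, user_id):
        """Regular accounts only get the list of applications they can access."""
        return sorted(a for (u, a) in self.associations if u == user_id)

    def view(self, operator_id, user_id):
        """S8-S12: (applications with permission, applications without)."""
        self._require_admin(operator_id)
        granted = set(self.own_apps(user_id))
        return sorted(granted), sorted(set(self.apps) - granted)

    def _change(self, operator_id, user_id, app_id, add):
        self._require_admin(operator_id)
        app = self.apps[app_id]
        try:
            # S16/S22: call the application's interface first ...
            if add:
                app.add_permission(operator_id, user_id)
            else:
                app.delete_permission(operator_id, user_id)
        except (ConnectionError, Denied) as exc:
            # ... and on failure leave the association table untouched
            # and hand a prompt message back to the page.
            return {"ok": False, "message": str(exc)}
        # S18/S24: only now update the association table.
        if add:
            self.associations.add((user_id, app_id))
        else:
            self.associations.discard((user_id, app_id))
        granted, missing = self.view(operator_id, user_id)
        return {"ok": True, "granted": granted, "missing": missing}

    def add(self, operator_id, user_id, app_id):
        return self._change(operator_id, user_id, app_id, add=True)

    def delete(self, operator_id, user_id, app_id):
        return self._change(operator_id, user_id, app_id, add=False)


def build_demo_hub():
    """Constructed sample data: two applications, one administrator."""
    admins = {"u-admin"}
    apps = [
        App("app-1", "Reports", "https://reports.example/api", set(admins)),
        App("app-2", "Dashboard", "https://dash.example/api", set(admins)),
    ]
    return SsoPermissionHub(admins, apps)


if __name__ == "__main__":
    hub = build_demo_hub()
    print(hub.add("u-admin", "u-42", "app-1"))
    hub.apps["app-2"].reachable = False
    print(hub.add("u-admin", "u-42", "app-2"))
    print(hub.view("u-admin", "u-42"))
```

Because each application keeps its own copy of the administrator information, an account that only the single sign-on side treats as an administrator is still rejected at the application's interface, and no association is recorded.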
Embodiment 2
According to embodiments of the present invention, there is provided a kind of device embodiment of the processing meanss of access privilege.
Fig. 2 is a schematic diagram of an optional device for processing user access permissions according to an embodiment of the present invention. As shown in Fig. 2, the device includes: a detection unit 202, configured to detect whether the current login account on the single sign-on system is an administrator account, where the single sign-on system is used to process the user access permissions corresponding to multiple application programs; and a processing unit 204, configured so that, when the detection result is that the current login account on the single sign-on system is an administrator account, the current login account processes the user access permissions corresponding to the multiple application programs using the single sign-on system.
In implementation, the single sign-on system stores in advance the relevant information (i.e. product information) of the application programs to be managed (including but not limited to websites and software tools), and generates a unique code ID for each application program so that different application programs can be identified. The product information includes the product name, the site address and the product interface address. Through the product interface address, the system can find the application program's permission-add interface for adding user permissions, its permission-delete interface for deleting user permissions, its permission-view interface for viewing user permissions, and so on. In addition, the single sign-on system generates a unique code ID for each user so that different users can be identified.
It should be noted that, for ease of management, not all users of a system generally have the same permissions. In this case the single sign-on system divides users into ordinary users and administrator users and grants each the corresponding permissions. For example, the single sign-on system sets up a super permission specifically for administrator users and issues the administrator user and its permission information to each application program, so that the administrator has the ability to view the user permissions of all users and, for each application program, the users with and without permission, and the ability to add or delete a user's access permission to a specified application program.
Specifically, to manage the permissions of the application programs, the user must log in to the single sign-on system with an administrator account. After detecting that the current account is an administrator account, the system considers the user to have management permission and displays the application permission management page to that user, so that the current user can view the permission information of all users and the users with and without permission for each application program. If the system detects that the current account is not an administrator account, i.e. the current user does not meet the super-permission requirement, it hides the application permission management page, so that the current user cannot view the permission information of all users or the users with and without permission for each application program. However, when the current user logs in to the single sign-on system with an ordinary account, the system returns the list of application programs the current user has permission for and displays it on the user profile page.
With this embodiment of the invention, multiple different application programs are managed in a unified way through the single sign-on system. The same user can be associated with multiple different website products at once, the list of associated products can be viewed, and product permissions can be managed centrally. This achieves the purpose of unified management of multiple different application programs through the single sign-on system, producing the technical effect of a simplified management process and solving the technical problem in the related art of a cumbersome management process caused by the single sign-on system being unable to manage these application programs in a unified way.
Optionally, the processing unit includes at least one of: a viewing module, configured for the current login account to view, using the single sign-on system, the user access permissions of a specified user to the multiple application programs; an adding module, configured for the current login account to add, using the single sign-on system, the specified user's access permission to a corresponding application program among the multiple application programs; and a deleting module, configured for the current login account to delete, using the single sign-on system, the specified user's access permission to a corresponding application program among the multiple application programs.
Compared with the related art, with the technical solution provided by this embodiment of the invention, view, add and delete operations on one or more specified application programs no longer have to be performed separately in each application program. Multiple application programs are operated from a single system, which avoids the trouble of switching back and forth between application programs, simplifies the operating procedure and improves operating efficiency.
Optionally, the viewing module includes: a first receiving submodule, configured to receive, using the single sign-on system, a permission-view request, where the permission-view request indicates that the user access permissions of the specified user to the multiple application programs are to be viewed; a response submodule, configured to return a permission-view result according to the permission-view request; and a viewing submodule, configured to view the specified user's access permissions to the multiple application programs according to the returned permission-view result.
In implementation, when the current user accesses the application permission management page, the single sign-on system loads the permission list of all users. The current user can select a specified user from the list and view the application programs that the specified user has permission for. After the single sign-on system receives the permission-view request to view the application programs the specified user has permission for, it returns to the page the list of application programs the specified user has permission for and the list of those the user has no permission for, for the current user to view.
With this embodiment of the invention, permission-view operations on multiple application programs can be performed from a single system login, avoiding the complicated operating process and low operating efficiency caused by going into each application program to view permissions. Further, by providing this view permission, subsequent modification operations (such as permission-add and permission-delete operations) can be prevented from becoming invalid operations.
Optionally, the adding module includes: a second receiving submodule, configured to receive, using the single sign-on system, a permission-add request, where the permission-add request indicates that the specified user's access permission to a corresponding application program among the multiple application programs is to be added; a first calling submodule, configured to call, according to the permission-add request, the permission-add interface of the corresponding application program among the multiple application programs; and an adding submodule, configured to add, through the permission-add interface, the specified user's access permission to the corresponding application program.
In implementation, to add a user permission for the specified user, the administrator selects an application program from the returned list of application programs without permission and clicks the add button, which sends a permission-add request. After receiving the user's permission-add request, the single sign-on system obtains the user information of the specified user, including the user's name and unique code ID, and obtains the relevant information of the application program according to the selected application program. Using that information it calls the selected application program's permission-add interface and passes the specified user's code ID and other user information, together with the user information of the currently logged-in user, to the selected application program. The application program verifies the permission of the currently logged-in user and, once verification passes, imports the specified user's relevant information. After the permission-add interface operation succeeds, the single sign-on system adds the association between the specified user and the selected application program and stores the specified user's number and the selected application program's number in an association table. After the specified user's permission to the selected application program has been added successfully, the single sign-on system returns to the page the updated lists of application programs with and without permission.
Further, if the single sign-on system fails to transmit the user information through the permission-add interface, it returns a prompt message to the page; if adding the association between the selected application program and the specified user fails, it likewise returns a prompt message to the page.
With this embodiment of the invention, permission-add operations on multiple application programs can be performed from a single system login, avoiding the complicated operating process and low operating efficiency caused by going into each application program to add permissions. Further, providing this add permission increases the flexibility of permission settings.
Optionally, the deleting module includes: a third receiving submodule, configured to receive, using the single sign-on system, a permission-delete request, where the permission-delete request indicates that the specified user's access permission to a corresponding application program among the multiple application programs is to be deleted; a second calling submodule, configured to call, according to the permission-delete request, the permission-delete interface of the corresponding application program among the multiple application programs; and a deleting submodule, configured to delete, through the permission-delete interface, the specified user's access permission to the corresponding application program.
In implementation, to delete a user permission of the specified user, the administrator selects an application program from the returned list of application programs without permission and clicks the delete button, which sends a permission-delete request. After receiving the user's permission-delete request, the single sign-on system obtains the user information of the specified user, including the user's name and unique code ID, and obtains the relevant information of the application program according to the selected application program. Using that information it calls the selected application program's permission-delete interface and passes the specified user's code ID and other user information, together with the user information of the currently logged-in user, to the selected application program. The application program verifies the permission of the currently logged-in user and, once verification passes, deletes the specified user's relevant information from the application program's user information table. After the permission-add interface operation succeeds, the single sign-on system deletes the association between the specified user and the selected application program. After the specified user's permission to the selected application program has been deleted successfully, the single sign-on system returns to the page the updated lists of application programs with and without permission.
Further, if the single sign-on system fails to delete the user information through the permission-delete interface, it returns a prompt message to the page; if deleting the association between the selected application program and the specified user fails, it likewise returns a prompt message to the page.
With this embodiment of the invention, permission-delete operations on multiple application programs can be performed from a single system login, avoiding the complicated operating process and low operating efficiency caused by going into each application program to delete permissions. Further, providing this delete permission increases the flexibility of permission settings.
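The permission-add and permission-delete flows described above, as an added Python sketch that is not code from the patent or its applicant. Every class, method and field name is hypothetical, the sample accounts are constructed, and the administrator check is performed inside each operation rather than only by hiding the management page.

```python
from dataclasses import dataclass, field


class PermissionDenied(Exception):
    """The operator account is not an administrator."""


@dataclass
class App:
    """Stand-in for one managed application and its permission interfaces."""
    app_id: str
    name: str
    admins: set                                  # admin IDs issued by the SSO system
    users: dict = field(default_factory=dict)    # the application's own user table
    reachable: bool = True                       # constructed switch: simulate a failed call

    def _verify(self, operator_id):
        if not self.reachable:
            raise ConnectionError(f"{self.name}: permission interface unreachable")
        if operator_id not in self.admins:       # the application re-checks the operator
            raise PermissionDenied(f"{self.name}: {operator_id} is not an administrator")

    def add_permission(self, operator_id, user_id, user_name):
        self._verify(operator_id)
        self.users[user_id] = user_name          # import the specified user

    def delete_permission(self, operator_id, user_id):
        self._verify(operator_id)
        self.users.pop(user_id, None)            # drop the user from the user table


class SsoPermissionManager:
    def __init__(self, admins, users, apps):
        self.admins = set(admins)
        self.users = dict(users)                     # unique user ID -> name
        self.apps = {a.app_id: a for a in apps}      # unique app ID -> product record
        self.associations = set()                    # association table: (user_id, app_id)

    def _require_admin(self, operator_id):
        # Checked inside every operation, so hiding the page is not the only gate.
        if operator_id not in self.admins:
            raise PermissionDenied(f"sso: {operator_id} is not an administrator")

    def _lists(self, user_id):
        granted = sorted(a for a in self.apps if (user_id, a) in self.associations)
        missing = sorted(a for a in self.apps if (user_id, a) not in self.associations)
        return granted, missing

    def view(self, operator_id, user_id):
        self._require_admin(operator_id)
        return self._lists(user_id)

    def _change(self, operator_id, user_id, app_id, add):
        self._require_admin(operator_id)
        app = self.apps[app_id]
        try:
            if add:
                app.add_permission(operator_id, user_id, self.users[user_id])
            else:
                app.delete_permission(operator_id, user_id)
        except (ConnectionError, PermissionDenied) as exc:
            # Interface call failed: return a prompt, leave the association table as is.
            return {"ok": False, "prompt": str(exc), "lists": self._lists(user_id)}
        if add:
            self.associations.add((user_id, app_id))
        else:
            self.associations.discard((user_id, app_id))
        return {"ok": True, "prompt": "", "lists": self._lists(user_id)}

    def add(self, operator_id, user_id, app_id):
        return self._change(operator_id, user_id, app_id, add=True)

    def delete(self, operator_id, user_id, app_id):
        return self._change(operator_id, user_id, app_id, add=False)


def demo():
    """Constructed sample data: two applications, one administrator, one user."""
    crm = App("app-1", "crm", admins={"admin-1"})
    wiki = App("app-2", "wiki", admins={"admin-1"})
    sso = SsoPermissionManager({"admin-1"}, {"u-7": "alice"}, [crm, wiki])
    added = sso.add("admin-1", "u-7", "app-1")
    wiki.reachable = False                       # second call fails at the interface
    failed = sso.add("admin-1", "u-7", "app-2")
    return added, failed, sso.view("admin-1", "u-7")


if __name__ == "__main__":
    for step in demo():
        print(step)
```

Because the association table is written only after the application's interface call returns, a failed call leaves the single sign-on system and the application in agreement about who has access.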
The embodiments of the present invention above are for illustration only and do not indicate the relative merits of the embodiments.
In the above embodiments of the present invention, the description of each embodiment has its own emphasis. For a part not described in detail in one embodiment, refer to the related description of the other embodiments.
In the several embodiments provided in this application, it should be understood that the disclosed technical content can be implemented in other ways. The device embodiments described above are only illustrative. For example, the division into units may be a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, units or modules, and may be electrical or take other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a removable hard disk, a magnetic disk or an optical disc.
The above is only the preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art can make improvements and refinements without departing from the principles of the present invention, and these improvements and refinements shall also be regarded as falling within the protection scope of the present invention.

Claims (10)

1. A method for processing user access permissions, characterized by comprising:
detecting whether the current login account on a single sign-on system is an administrator account, wherein the single sign-on system is used to process the user access permissions corresponding to multiple application programs;
when the detection result is that the current login account on the single sign-on system is the administrator account, processing, by the current login account using the single sign-on system, the user access permissions corresponding to the multiple application programs.
2. The method according to claim 1, characterized in that the processing, by the current login account using the single sign-on system, of the user access permissions corresponding to the multiple application programs comprises at least one of:
viewing, by the current login account using the single sign-on system, the user access permissions of a specified user to the multiple application programs;
adding, by the current login account using the single sign-on system, the specified user's access permission to a corresponding application program among the multiple application programs;
deleting, by the current login account using the single sign-on system, the specified user's access permission to a corresponding application program among the multiple application programs.
3. The method according to claim 2, characterized in that viewing, using the single sign-on system, the user access permissions of the specified user to the multiple application programs comprises:
receiving, using the single sign-on system, a permission-view request, wherein the permission-view request indicates that the user access permissions of the specified user to the multiple application programs are to be viewed;
returning a permission-view result according to the permission-view request;
viewing the user access permissions of the specified user to the multiple application programs according to the returned permission-view result.
4. The method according to claim 2, characterized in that adding, using the single sign-on system, the specified user's access permission to the corresponding application program among the multiple application programs comprises:
receiving, using the single sign-on system, a permission-add request, wherein the permission-add request indicates that the specified user's access permission to the corresponding application program among the multiple application programs is to be added;
calling, according to the permission-add request, the permission-add interface of the corresponding application program among the multiple application programs;
adding, through the permission-add interface, the specified user's access permission to the corresponding application program.
5. The method according to claim 2, characterized in that deleting, using the single sign-on system, the specified user's access permission to the corresponding application program among the multiple application programs comprises:
receiving, using the single sign-on system, a permission-delete request, wherein the permission-delete request indicates that the specified user's access permission to the corresponding application program among the multiple application programs is to be deleted;
calling, according to the permission-delete request, the permission-delete interface of the corresponding application program among the multiple application programs;
deleting, through the permission-delete interface, the specified user's access permission to the corresponding application program.
6. A device for processing user access permissions, characterized by comprising:
a detection unit, configured to detect whether the current login account on a single sign-on system is an administrator account, wherein the single sign-on system is used to process the user access permissions corresponding to multiple application programs;
a processing unit, configured so that, when the detection result is that the current login account on the single sign-on system is the administrator account, the current login account processes the user access permissions corresponding to the multiple application programs using the single sign-on system.
7. The device according to claim 6, characterized in that the processing unit comprises at least one of:
a viewing module, configured for the current login account to view, using the single sign-on system, the user access permissions of a specified user to the multiple application programs;
an adding module, configured for the current login account to add, using the single sign-on system, the specified user's access permission to a corresponding application program among the multiple application programs;
a deleting module, configured for the current login account to delete, using the single sign-on system, the specified user's access permission to a corresponding application program among the multiple application programs.
8. The device according to claim 7, characterized in that the viewing module comprises:
a first receiving submodule, configured to receive, using the single sign-on system, a permission-view request, wherein the permission-view request indicates that the user access permissions of the specified user to the multiple application programs are to be viewed;
a response submodule, configured to return a permission-view result according to the permission-view request;
a viewing submodule, configured to view the user access permissions of the specified user to the multiple application programs according to the returned permission-view result.
9. The device according to claim 7, characterized in that the adding module comprises:
a second receiving submodule, configured to receive, using the single sign-on system, a permission-add request, wherein the permission-add request indicates that the specified user's access permission to the corresponding application program among the multiple application programs is to be added;
a first calling submodule, configured to call, according to the permission-add request, the permission-add interface of the corresponding application program among the multiple application programs;
an adding submodule, configured to add, through the permission-add interface, the specified user's access permission to the corresponding application program.
10. The device according to claim 7, characterized in that the deleting module comprises:
a third receiving submodule, configured to receive, using the single sign-on system, a permission-delete request, wherein the permission-delete request indicates that the specified user's access permission to the corresponding application program among the multiple application programs is to be deleted;
a second calling submodule, configured to call, according to the permission-delete request, the permission-delete interface of the corresponding application program among the multiple application programs;
a deleting submodule, configured to delete, through the permission-delete interface, the specified user's access permission to the corresponding application program.
CN201510729557.3A 2015-10-30 2015-10-30 Processing method and device for user access permissions Pending CN106650399A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510729557.3A CN106650399A (en) 2015-10-30 2015-10-30 Processing method and device for user access permissions

Publications (1)

Publication Number Publication Date
CN106650399A true CN106650399A (en) 2017-05-10

Family

ID=58809336

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510729557.3A Pending CN106650399A (en) 2015-10-30 2015-10-30 Processing method and device for user access permissions

Country Status (1)

Country Link
CN (1) CN106650399A (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104506499A (en) * 2014-12-11 2015-04-08 歌尔声学股份有限公司 Single sign-on method and device for application systems

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
张剑: "《基于CAS的高校单点登录系统研究及设计》", 《软件导刊·教育技术》 *
李秋野: "《云南移动网络运营平台之单点登录系统的设计与实现》", 《中国优秀硕士学位论文全文数据库(信息科技辑)》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109559089A (en) * 2018-10-26 2019-04-02 深圳壹账通智能科技有限公司 Data processing method, device, equipment and the storage medium of main plateform system
CN109740333A (en) * 2018-12-28 2019-05-10 上汽通用五菱汽车股份有限公司 The right management method of integrated system and subsystem, server and storage medium
CN110417820A (en) * 2019-09-05 2019-11-05 曙光信息产业(北京)有限公司 Processing method, device and the readable storage medium storing program for executing of single-node login system
CN110851819A (en) * 2019-11-20 2020-02-28 杭州安恒信息技术股份有限公司 Multi-application access authority control method and device and electronic equipment
CN112528305A (en) * 2020-12-16 2021-03-19 平安银行股份有限公司 Access control method, device, electronic equipment and storage medium
CN112528305B (en) * 2020-12-16 2023-10-10 平安银行股份有限公司 Access control method, device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100083 No. 401, 4th Floor, Haitai Building, 229 North Fourth Ring Road, Haidian District, Beijing

Applicant after: Beijing Guoshuang Technology Co.,Ltd.

Address before: 100086 Cuigong Hotel, 76 Zhichun Road, Shuangyushu District, Haidian District, Beijing

Applicant before: Beijing Guoshuang Technology Co.,Ltd.

RJ01 Rejection of invention patent application after publication

Application publication date: 20170510
