CN107196915A - Authority setting method, apparatus and system - Google Patents
Authority setting method, apparatus and system Download PDFInfo
- Publication number
- CN107196915A CN107196915A CN201710278548.6A CN201710278548A CN107196915A CN 107196915 A CN107196915 A CN 107196915A CN 201710278548 A CN201710278548 A CN 201710278548A CN 107196915 A CN107196915 A CN 107196915A
- Authority
- CN
- China
- Prior art keywords
- mark
- function
- server
- configuration file
- function identification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 33
- 230000004044 response Effects 0.000 claims abstract description 19
- 238000012797 qualification Methods 0.000 claims description 12
- 238000007726 management method Methods 0.000 description 33
- 230000000694 effects Effects 0.000 description 5
- 238000001514 detection method Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 206010033799 Paralysis Diseases 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 235000013399 edible fruits Nutrition 0.000 description 1
- 210000004209 hair Anatomy 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the present invention provides a kind of authority setting method, apparatus and system, and this method includes:The configuration file that at least one server is each sent is obtained, configuration file includes server identification, Function Identification and authority items corresponding with Function Identification mark;Repertoire mark in the configuration file of the different server got is completely shown in same setting interface with whole authority items marks according to default display mode;In response to being identified including user, the priority assignation instruction of at least one Function Identification to be opened and at least one authority items to be opened mark, the access right that at least one corresponding authority items mark to be opened of at least one Function Identification to be opened is set disposably is identified for user in same setting interface, simplify the operation of priority assignation, improve priority assignation efficiency.
Description
Technical field
The present invention relates to field of computer technology, more particularly to a kind of authority setting method, apparatus and system.
Background technology
The network system of an enterprises would generally be set in enterprise practical operation, and this network system is generally wrapped
Containing multiple servers, each server service function different to provide.If all employees in enterprise can access
All service functions in the offer of each server, then this network system is easy for because the maloperation of some employee is made
Even whole network paralysis can not be used into some functions.Therefore in order to ensure that the service function that each server is provided can be just
Often use, it usually needs set up the division that a Rights Management System carries out access right to the employee of different stage in enterprise,
Each employee is set to be only capable of using function corresponding with its identity.
And in the prior art, want to be set using authority for certain user, it is assumed that need the authority opened for the user to be pair
It should then need to contact the attendant of corresponding each server in the service function of different server, ask it on each server
The access right of respective service function is opened for the user, this not only increases the complexity of priority assignation operation, also reduces power
Limit the efficiency set.
The content of the invention
In view of this, the embodiment of the present invention provides a kind of authority setting method, apparatus and system, to improve priority assignation
Convenience.
The embodiment of the present invention provides a kind of authority setting method, is implemented in rights management platform, including:
The configuration file that at least one server is each sent is obtained, the configuration file includes server identification, work(
It can identify and authority items corresponding with Function Identification mark, the Function Identification is the service work(that corresponding server is provided
The mark of energy;
According to default display mode and the configuration file, each self-corresponding function mark of at least one described server of display
Know the corresponding relation identified with authority items;
In response to being identified including user, Function Identification to be opened and authority items to be opened mark priority assignation instruction, be
User's mark sets the access right of the corresponding authority items mark to be opened of the Function Identification to be opened.
Alternatively, the basis presets display mode and the configuration file, and at least one described server of display is each
The corresponding relation of corresponding Function Identification and authority items, including:
Any configuration file in the configuration file each sent at least one described server, is obtained described any
The mark of display function included in configuration file;
According to the server identification included in any configuration file, the corresponding whole work(of the server identification are obtained
Can mark;
Function Identification to be shown is determined according to the display function mark and repertoire mark;
According to the default display mode, the display Function Identification to be shown and institute are associated with the server identification
State the corresponding authority items mark of Function Identification to be shown.
Alternatively, it is described that for user mark, the corresponding authority items to be opened of the Function Identification to be opened are set
Before the access right of mark, in addition to:
Determine that the user identifies whether corresponding user has the qualification for opening the access right.
Alternatively, it is described that for user mark, the corresponding authority items to be opened of the Function Identification to be opened are set
After the access right of mark, in addition to:
Authority inquiry request is received, the authority inquiry request includes user's mark to be checked, Function Identification to be checked
With authority items to be checked mark;
Determine in access right database with the presence or absence of user's mark to be checked, the Function Identification to be checked and institute
State and remember in the access right record of authority items mark to be checked, the access right database comprising configured access right
Record.
The embodiment of the present invention provides a kind of priority assignation device, including:
Acquisition module, for obtaining the configuration file that at least one server is each sent, the configuration file includes
Server identification, Function Identification and authority items corresponding with Function Identification mark, the Function Identification is corresponding with service
The mark for the service function that device is provided;
Display module, for according to default display mode and the configuration file obtained, showing at least one described clothes
The corresponding relation that each self-corresponding Function Identification of device and the authority items of being engaged in are identified;
Setup module, in response to being identified including user, Function Identification to be opened and authority items to be opened mark power
Limit sets instruction, is that user's mark sets making for the corresponding authority items mark to be opened of Function Identification to be opened
Use authority.
Alternatively, the display module includes:
Acquiring unit, for any configuration text in the configuration file that is each sent at least one described server
Part, obtains the mark of display function included in any configuration file, and include according in any configuration file
Server identification, obtain the corresponding repertoire mark of the server identification;
Determining unit, for display function mark and repertoire mark to determine function mark to be shown according to
Know;
Display unit, it is described to be shown for according to the default display mode, associating display with the server identification
Function Identification and the corresponding authority items mark of the Function Identification to be shown.
Alternatively, described device also includes:
Determining module, for determining that the user identifies whether corresponding user has the money for opening the access right
Lattice.
Alternatively, described device also includes:
Receiving module, for receiving authority inquiry request, the authority inquiry request includes user's mark to be checked, treated
Query function is identified and authority items to be checked mark;
Determining module, is additionally operable to determine in access right database with the presence or absence of the user to be checked mark, described treats
Query function is identified and the access right of the authority items mark to be checked is recorded, comprising in the access right database
The access right record of setting.
The embodiment of the present invention provides a kind of priority assignation system, including:
As above the priority assignation device described in any one, and at least one server;
The server, for generating configuration file, configuration file is sent to the priority assignation device;
The priority assignation device, for obtaining the configuration file that at least one server is each sent, the configuration text
Part includes server identification, Function Identification and authority items corresponding with Function Identification mark, and the Function Identification is
The mark for the service function that corresponding server is provided;According to default display mode and the configuration file, at least one described in display
The corresponding relation that individual each self-corresponding Function Identification of server is identified with authority items;In response to being identified including user, work(to be opened
It can identify and the priority assignation of authority items to be opened mark is instructed, be that user's mark sets the Function Identification pair to be opened
The access right for the authority items mark to be opened answered.
Authority setting method provided in an embodiment of the present invention, apparatus and system, when each server is disposing respective correspondence
Function when, can will identify, dispose comprising corresponding server function Function Identification and it is corresponding with Function Identification power
The configuration file of limit item mark is sent to rights management platform.Rights management platform owning acquisition according to default display mode
Whole Function Identifications and the corresponding whole authority items marks of the Function Identification are shown in same set in the lump in configuration file
Put in interface, that is to say and embody the configuration file that rights management platform side includes multiple servers, and can be by multiple clothes
Content in the corresponding configuration file of business device is shown in same setting interface in the lump.When needing to set authority for certain user,
It can be identified with trigger packet containing user, the priority assignation that Function Identification to be opened and authority items to be opened are identified is instructed, wherein, wait out
Logical function can be the multiple functions to be opened being located in different server.Due to whole Function Identification and corresponding
Whole authority items mark is shown in the lump in same setting interface, therefore rights management platform response is in after this instruction,
It is disposably the user to show in the setting interface of the Function Identification in whole configuration files and authority items mark
The access right for each function of needing to open is set, the operation of priority assignation is simplified, improves the efficiency of priority assignation.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing
There is the accompanying drawing used required in technology description to be briefly described, it should be apparent that, drawings in the following description are this hairs
Some bright embodiments, for those of ordinary skill in the art, on the premise of not paying creative work, can be with root
Other accompanying drawings are obtained according to these accompanying drawings.
Fig. 1 is the flow chart of authority setting method embodiment one provided in an embodiment of the present invention;
Fig. 2 is the schematic diagram of rights management platform in authority setting method provided in an embodiment of the present invention;
Fig. 3 is the flow chart of authority setting method embodiment two provided in an embodiment of the present invention;
Fig. 4 is the structural representation of priority assignation device embodiment one provided in an embodiment of the present invention;
Fig. 5 is the structural representation of priority assignation device embodiment two provided in an embodiment of the present invention;
Fig. 6 is the structural representation of priority assignation system provided in an embodiment of the present invention.
Embodiment
To make the purpose, technical scheme and advantage of the embodiment of the present invention clearer, below in conjunction with the embodiment of the present invention
In accompanying drawing, the technical scheme in the embodiment of the present invention is clearly and completely described, it is clear that described embodiment is
A part of embodiment of the present invention, rather than whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art
The every other embodiment obtained under the premise of creative work is not made, belongs to the scope of protection of the invention.
The term used in embodiments of the present invention is the purpose only merely for description specific embodiment, and is not intended to be limiting
The present invention." one kind ", " described " and "the" of singulative used in the embodiment of the present invention and appended claims
It is also intended to including most forms, unless context clearly shows that other implications, " a variety of " generally comprise at least two, but not
Exclude and include at least one situation.
It should be appreciated that term "and/or" used herein is only a kind of incidence relation for describing affiliated partner, represent
There may be three kinds of relations, for example, A and/or B, can be represented:Individualism A, while there is A and B, individualism B these three
Situation.In addition, character "/" herein, it is a kind of relation of "or" to typically represent forward-backward correlation object.
It will be appreciated that though XXX may be described using term first, second, third, etc. in embodiments of the present invention, but
These XXX should not necessarily be limited by these terms.These terms are only used for XXX being distinguished from each other out.For example, not departing from implementation of the present invention
In the case of example scope, the first XXX can also be referred to as the 2nd XXX, similarly, and the 2nd XXX can also be referred to as the first XXX.
Depending on linguistic context, word as used in this " if ", " if " can be construed to " ... when " or
" when ... " or " in response to determining " or " in response to detection ".Similarly, depending on linguistic context, phrase " if it is determined that " or " such as
Fruit detection (condition or event of statement) " can be construed to " when it is determined that when " or " in response to determine " or " when detection (statement
Condition or event) when " or " in response to detection (condition or event of statement) ".
It should also be noted that, term " comprising ", "comprising" or its any other variant are intended to nonexcludability
Comprising, so that commodity or system including a series of key elements not only include those key elements, but also including without clear and definite
Other key elements listed, or also include for this commodity or the intrinsic key element of system.In the feelings of not more limitations
Under condition, the key element limited by sentence "including a ...", it is not excluded that in the commodity or system including the key element also
There is other identical element.
Fig. 1 is the flow chart of authority setting method embodiment one provided in an embodiment of the present invention.The power that the present embodiment is provided
The executive agent for limiting method to set up can be rights management platform, and this method comprises the following steps:
S101, obtains the configuration file that at least one server is each sent, and configuration file includes server identification, work(
It can identify and authority items corresponding with Function Identification mark, Function Identification is the mark for the service function that corresponding server is provided
Know.
It can be disposed on each server and at least one authority is included at least one service function, each service function
, by the corresponding authority items mark of the corresponding Function Identification of service function, authority items in some server and the server mark
Know in write-in configuration file, to generate configuration file corresponding with the server, and be uploaded to rights management platform.
Wherein, as a kind of mode for alternatively triggering upload configuration file activities, when the service work(disposed on server
When can change, the Function Identification changed and corresponding authority items mark write-in configuration file will be configured
File is uploaded to rights management platform.
As another mode for alternatively triggering upload configuration file activities, regularly by the configuration file of server side
It is uploaded to rights management platform.
Rights management platform obtain the respective configuration file of each server include server identification, Function Identification with
And authority items corresponding with Function Identification are identified, that is, rights management platform includes being deployed in the whole on different server
Function Identification and corresponding whole authority items mark.Server identification in configuration file can know the configuration
Document source is in which server, and Function Identification is used to represent the service function that configuration file subordinate server is provided, function
Mark is corresponded with service function, and each Function Identification and at least one corresponding authority items are identified to exist and closed
Connection relation, authority items are identified to represent the authority items that this Function Identification can be set.
S102, according to default display mode and configuration file, shows each self-corresponding Function Identification of at least one server
The corresponding relation identified with authority items.
Rights management platform obtains the corresponding configuration file of at least one server on the basis of step S101, and according to
All Function Identifications that default display mode includes at least one configuration file and corresponding with each Function Identification
Authority items mark is intactly shown on same setting interface, and wherein rights management platform side can be preset with a variety of display sides
Formula.
Assuming that in the presence of three kinds of service functions being respectively deployed on three servers, that is to say these three service functions correspondence
Function Identification and authority items mark be located at different configuration files in, their Function Identification be respectively Function Identification A,
Function Identification B and Function Identification C, and Function Identification A correspondences have permission item mark a1 and authority items mark a2, Function Identification B
Correspondence has permission item mark b1, Function Identification C correspondence and has permission item mark c1, authority items mark c2 and authority items mark c3.This
When, rights management platform can be identified repertoire using a kind of display mode of optional, as shown in Figure 2 tree structure
And each the corresponding whole authority items marks of Function Identification are shown in same permission configuration interface.
S103, in response to being identified including user, Function Identification to be opened and authority items to be opened mark priority assignation refer to
Order, is the access right that user's mark sets the corresponding authority items mark to be opened of Function Identification to be opened.
Rights management platform response, in the priority assignation instruction of external world's triggering, is that user sets authority.It is optional as one kind
Ground priority assignation instruction triggers mode, priority assignation personnel are on permission configuration interface by choosing user's mark and work(to be opened
It can identify and authority items mark to be opened corresponding with Function Identification to be opened instructs to trigger priority assignation, wherein whole
Function Identification and whole authority items marks can be shown on same setting interface.
Rights management platform response is after this priority assignation is instructed, the Function Identification to be opened in being instructed according to priority assignation
And the corresponding authority items mark to be opened of Function Identification to be opened performs the setting operation of access right.Meanwhile, treat that authority is set
After the completion of putting, it is that this priority assignation generates a priority assignation record, is stored in the rights database of rights management platform
In.
What deserves to be explained is, due to the repertoire mark and whole authorities in the corresponding configuration file of each server
Item mark is shown on same setting interface, even if therefore being deployed in different services when being included in priority assignation instruction
The corresponding authority items mark to be opened of multiple Function Identifications to be opened and multiple Function Identifications to be opened on device, can also be
It is configured in same setting interface.
In the present embodiment, when each server is disposing each self-corresponding function, corresponding server mark can will be included
Know, disposed the Function Identification of function and the configuration file of authority items corresponding with Function Identification mark is sent to rights management
Platform.Rights management platform is according to default display mode by Function Identification whole in all configuration files of acquisition and the work(
Corresponding whole authority items marks can be identified to be shown in the lump in same setting interface, that is to say and embody rights management platform
Side includes the configuration file of multiple servers, and can show the content in the corresponding configuration file of multiple servers in the lump
In same setting interface., can be with trigger packet containing user's mark, Function Identification to be opened when needing to set authority for certain user
The priority assignation instruction identified with authority items to be opened, wherein, function to be opened can be multiple in different server
Function to be opened.Because whole Function Identifications and corresponding whole authority items mark are to be shown in same setting in the lump
In interface, therefore rights management platform response is in after this instruction, Function Identification in whole configuration files are shown and
The access right for each function of needing to open can be disposably set in the setting interface of authority items mark for the user, simplified
The operation of priority assignation, improves the efficiency of priority assignation.
Fig. 3 is the flow chart of authority setting method embodiment two provided in an embodiment of the present invention, as shown in figure 3, this method
Comprise the following steps:
S201, the configuration file that at least one server is each sent is obtained, configuration file includes server identification, work(
It can identify and authority items corresponding with Function Identification mark, Function Identification is the mark for the service function that corresponding server is provided
Know.
S202, according to default display mode and configuration file, shows each self-corresponding Function Identification of at least one server
The corresponding relation identified with authority items.
Above-mentioned steps S201-S202 implementation procedure may refer to the associated description in embodiment as shown in Figure 1, herein not
Repeat.
And display mode and configuration file are preset for the basis in step S202, show that at least one server is each right
The corresponding relation that the Function Identification answered is identified with authority items, the present embodiment also provides a kind of optional implementation:Rights management
Platform parses the configuration file and obtains what is included in the configuration file after the configuration file that at least one server is sent is obtained
Function Identification, the Function Identification is the Function Identification shown.When there is increasing, modifying or deleting service function, server
Side can increase, modify or delete being identified to Function Identification and authority items in configuration file in real time, and by the configuration after renewal
File is uploaded to rights management platform.Rights management platform parses the configuration file after this renewal, obtains and text is configured after the renewal
The repertoire mark included in part.Identified according to display function and repertoire identifies and determines what is increased, modified or deleted
Function Identification, that is to say and Function Identification to be shown is determined and corresponding authority items mark, by this function to be shown
Mark and authority items mark are shown according to default display mode.
Above-mentioned steps S201-S202 can realize by the repertoire of each server mark and whole authority items identify into
Row display.And Function Identification and authority items of the rights management platform based on above-mentioned display are designated before user's progress priority assignation
Generally also need to the access right qualification to user to be determined, to avoid the access right for setting mistake for user, cause to make
With the confusion of authority.Therefore, on the basis of Fig. 1 embodiments, before step S103 is performed, authority setting method can also be wrapped
Include following steps:
S203, in response to being identified including user, Function Identification to be opened and authority items to be opened mark priority assignation refer to
Order, determines that user identifies whether corresponding user has the qualification for opening access right, if qualifying, performs step
S204, otherwise terminates.
The present embodiment provides a kind of alternatively access right qualification determination mode:User in being instructed according to priority assignation
Mark obtains the relevant information for the user for needing to carry out priority assignation, and the relevant information of user can include the attribute information of user
With class information etc., the attribute information of such as user can be the department where user, and the class information of user can be user
Post.Prestored in access right database in rights management platform corresponding between access right and user related information
Relation, the access right that the user can open can be obtained according to user related information.Power is received in rights management platform
Limit is set after instruction, is obtained using according to user's mark between user related information and user related information and access right
Corresponding relation determines whether the user has the qualification for opening access right.
By taking enterprises as an example, the operation personnel of enterprise planning department has the access right of examination & verification main broadcaster.And according to priority assignation
User's mark in instruction can know the operation personnel that the relevant information that the user identifies corresponding user is enterprise planning department, now
It can then determine that the user has the qualification that can open examination & verification main broadcaster's access right.
Open what is included during priority assignation is instructed determining that the corresponding user of user's mark has according to above-mentioned steps S203
, then can be by performing following steps after the corresponding authority items mark qualification of Function Identification is opened:
S204, is the access right that user's mark sets the corresponding authority items mark to be opened of Function Identification to be opened.
When it is determined that user identify corresponding user have open Function Identification to be opened that priority assignation instruction includes and
When the qualification of the corresponding access right of authority items mark is opened, authority is set for user according to priority assignation instruction.
Above-mentioned steps S204 implementation procedure may refer to the associated description in embodiment as shown in Figure 1, will not be described here.
In addition, the access right in order to which different user is well understood, generally it is also required to provide looking into for access right
Ask function.Therefore, it is being that user's mark sets the corresponding authority items to be opened of Function Identification to be opened according to above-mentioned steps S204
After the access right of mark, then following steps are can also carry out:
S205, receives authority inquiry request, and authority inquiry request includes user's mark to be checked, Function Identification to be checked
With authority items to be checked mark.
After access right is set for user, the access right of user is set into record storage in access right database
In, authority inquiry request can be produced by extraneous triggering, the present embodiment provides a kind of alternatively triggering authority and checks request
Mode:The administrative staff of rights management platform triggered by clicking on the inquiry button on rights management interface authority check please
Ask.Rights management platform receives the power that this is identified comprising user to be checked, Function Identification to be checked and authority items to be checked are identified
Limit inquiry request.
S206, is determined in access right database with the presence or absence of user to be checked mark, Function Identification to be checked and to be checked
Ask and recorded in the access right record of authority items mark, access right database comprising configured access right.
Pass through user to be checked mark, Function Identification to be checked and the authority items to be checked that will be included in authority inquiry request
Identify and matched with the access right record in access right database, can define the competence inquiry request if the match is successful
Corresponding access right note be have been stored in it is in access right database, carried out priority assignation.
In the present embodiment, corresponding user on the one hand is identified to user first before authority is set for user and carries out authority
The checking of qualification is set, to prevent the authority that mistake is set for user.On the other hand, after access right is set for user,
Configured user right can also be inquired about according to authority inquiry request, the administrative staff of rights management platform can
The access right of different user is clearly known, subsequently can more easily to manage the access right of user.
Fig. 4 is the structural representation of priority assignation device embodiment one provided in an embodiment of the present invention, as shown in figure 4, should
Priority assignation device includes:Acquisition module 11, display module 12, setup module 13.
Acquisition module 11, for obtaining the configuration file that at least one server is each sent, configuration file includes clothes
Device mark, Function Identification and the authority items corresponding with Function Identification of being engaged in are identified, and Function Identification is the clothes that corresponding server is provided
The mark for function of being engaged in.
Display module 12, for according to default display mode and the configuration file obtained, showing that at least one server is each
The corresponding relation that self-corresponding Function Identification is identified with authority items.
Setup module 11, in response to being identified including user, Function Identification to be opened and authority items to be opened mark
Priority assignation is instructed, and is the access right that user's mark sets the corresponding authority items mark to be opened of Function Identification to be opened.
Fig. 4 shown devices can perform the method for embodiment illustrated in fig. 1, and the part that the present embodiment is not described in detail can join
Examine the related description to embodiment illustrated in fig. 1.In implementation procedure and the technique effect embodiment shown in Figure 1 of the technical scheme
Description, will not be repeated here.
Fig. 5 is the structural representation of priority assignation device embodiment two provided in an embodiment of the present invention, as shown in figure 5,
On the basis of embodiment illustrated in fig. 4, the display module 12 in the priority assignation device can specifically include:Acquiring unit 121, determination
Unit 122, display unit 123, the priority assignation device also include:Determining module 14, receiving module 15.
Acquiring unit 121 is used for, any configuration file in the configuration file each sent at least one server,
The mark of display function included in any configuration file is obtained, and according to the server mark included in any configuration file
Know, obtain the corresponding repertoire mark of server identification.
Determining unit 122, for determining Function Identification to be shown according to the mark of display function and repertoire mark.
Display unit 123, for according to default display mode, associate with server identification show Function Identification to be shown with
And the corresponding authority items mark of Function Identification to be shown.
Determining module 14, for determining that user identifies whether corresponding user has the qualification for opening access right.
Receiving module 15, for receiving authority inquiry request, authority inquiry request includes user's mark to be checked, to be checked
Ask Function Identification and authority items to be checked mark;
Determining module 14, is additionally operable to determine in access right database with the presence or absence of user to be checked mark, work(to be checked
It can identify and the access right of authority items to be checked mark is recorded, configured access right is included in access right database
Record.
Fig. 5 shown devices can perform the method for embodiment illustrated in fig. 3, and the part that the present embodiment is not described in detail can join
Examine the related description to embodiment illustrated in fig. 3.In implementation procedure and the technique effect embodiment shown in Figure 3 of the technical scheme
Description, will not be repeated here.
Fig. 6 is priority assignation system structure diagram provided in an embodiment of the present invention, and priority assignation system is included at least
One server 1 and priority assignation device 2.
Server 1, for generating configuration file, configuration file is sent to priority assignation device.
Included in each server and at least one authority items is included at least one service function, each service function, will
In the corresponding Function Identification of service function and the corresponding authority items mark write-in configuration file of authority items, to generate and the service
The corresponding configuration file of device, and configuration file is sent to priority assignation device 2.
Priority assignation device 2, is wrapped for obtaining in the configuration file that at least one server 1 is each sent, configuration file
Server identification, Function Identification and authority items corresponding with Function Identification mark are included, Function Identification is that corresponding server is provided
Service function mark;According to default display mode and configuration file, each self-corresponding function of at least one server is shown
The corresponding relation that mark is identified with authority items;In response to being identified including user, Function Identification to be opened and authority items mark to be opened
The priority assignation instruction of knowledge, is the right to use that user's mark sets the corresponding authority items mark to be opened of Function Identification to be opened
Limit.
System shown in Figure 6 is corresponding with the method for embodiment illustrated in fig. 1, the part that the present embodiment is not described in detail, can join
Examine the related description to embodiment illustrated in fig. 1.In implementation procedure and the technique effect embodiment shown in Figure 1 of the technical scheme
Description, will not be repeated here.
Device embodiment described above is only schematical, wherein the unit illustrated as separating component can
To be or may not be physically separate, the part shown as unit can be or may not be physics list
Member, you can with positioned at a place, or can also be distributed on multiple NEs.It can be selected according to the actual needs
In some or all of module realize the purpose of this embodiment scheme.Those of ordinary skill in the art are not paying creativeness
Work in the case of, you can to understand and implement.
Through the above description of the embodiments, those skilled in the art can be understood that each embodiment can
Realized by the mode of general hardware platform necessary to add, naturally it is also possible to pass through hardware.Understood based on such, above-mentioned skill
The part that art scheme substantially contributes to prior art in other words can be embodied in the form of product, computer production
Product can be stored in a computer-readable storage medium, such as ROM/RAM, magnetic disc, CD, including some instructions are to cause one
Platform computer installation (can be personal computer, server, or network equipment etc.) performs each embodiment or embodiment
Some parts described in method.
Finally it should be noted that:The above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;Although
The present invention is described in detail with reference to the foregoing embodiments, it will be understood by those within the art that:It still may be used
To be modified to the technical scheme described in foregoing embodiments, or equivalent substitution is carried out to which part technical characteristic;
And these modification or replace, do not make appropriate technical solution essence depart from various embodiments of the present invention technical scheme spirit and
Scope.
Claims (9)
1. a kind of authority setting method, it is characterised in that including:
The configuration file that at least one server is each sent is obtained, the configuration file includes server identification, function mark
Know and authority items corresponding with Function Identification mark, the Function Identification is the service function that corresponding server is provided
Mark;
According to default display mode and the configuration file, display each self-corresponding Function Identification of at least one server with
The corresponding relation of authority items mark;
In response to being identified including user, the priority assignation that Function Identification to be opened and authority items to be opened are identified is instructed, and is described
User's mark sets the access right of the corresponding authority items mark to be opened of the Function Identification to be opened.
2. according to the method described in claim 1, it is characterised in that the basis presets display mode and the configuration file,
The corresponding relation of display each self-corresponding Function Identification of at least one server and authority items, including:
Any configuration file in the configuration file each sent at least one described server, obtains any configuration
What is included in file has shown Function Identification;
According to the server identification included in any configuration file, the corresponding repertoire mark of the server identification is obtained
Know;
Function Identification to be shown is determined according to the display function mark and repertoire mark;
According to the default display mode, the display Function Identification to be shown is associated with the server identification and described is treated
Display function identifies corresponding authority items mark.
3. according to the method described in claim 1, it is characterised in that described that for user mark, the function to be opened is set
Before the access right of the corresponding authority items mark to be opened of mark, in addition to:
Determine that the user identifies whether corresponding user has the qualification for opening the access right.
4. according to the method described in claim 1, it is characterised in that described that for user mark, the function to be opened is set
After the access right of the corresponding authority items mark to be opened of mark, in addition to:
Authority inquiry request is received, the authority inquiry request includes user's mark to be checked, Function Identification to be checked and treated
Search access right mark;
Determine in access right database with the presence or absence of the user to be checked mark, the Function Identification to be checked and described treat
Recorded in the access right record of search access right mark, the access right database comprising configured access right.
5. a kind of priority assignation device, it is characterised in that including:
Acquisition module, for obtaining the configuration file that at least one server is each sent, the configuration file includes service
Device mark, Function Identification and authority items corresponding with Function Identification mark, the Function Identification is that corresponding server is carried
The mark of the service function of confession;
Display module, for according to default display mode and the configuration file obtained, showing at least one described server
The corresponding relation that each self-corresponding Function Identification is identified with authority items;
Setup module, in response to being identified including user, Function Identification to be opened and authority items to be opened mark authority set
Instruction is put, is the right to use that user's mark sets the corresponding authority items mark to be opened of the Function Identification to be opened
Limit.
6. device according to claim 5, it is characterised in that the display module includes:
Acquiring unit, for any configuration file in the configuration file that is each sent at least one described server, is obtained
The display function included in any configuration file is taken to identify, and according to the service included in any configuration file
Device is identified, and obtains the corresponding repertoire mark of the server identification;
Determining unit, for display function mark and repertoire mark to determine Function Identification to be shown according to;
Display unit, for according to the default display mode, associating the display function to be shown with the server identification
Mark and the corresponding authority items mark of the Function Identification to be shown.
7. device according to claim 5, it is characterised in that described device also includes:
Determining module, for determining that the user identifies whether corresponding user has the qualification for opening the access right.
8. device according to claim 5, it is characterised in that described device also includes:
Receiving module, for receiving authority inquiry request, the authority inquiry request includes user's mark to be checked, to be checked
Function Identification and authority items to be checked mark;
Determining module, is additionally operable to determine in access right database with the presence or absence of the user to be checked mark, described to be checked
Comprising configured in the access right record of Function Identification and the authority items mark to be checked, the access right database
Access right record.
9. a kind of priority assignation system, it is characterised in that including:Priority assignation dress as any one of claim 5-8
Put, and at least one server;
The server, for generating configuration file, configuration file is sent to the priority assignation device;
The priority assignation device, for obtaining in the configuration file that at least one server is each sent, the configuration file
Including server identification, Function Identification and authority items corresponding with the Function Identification mark, the Function Identification is correspondence
The mark for the service function that server is provided;According to default display mode and the configuration file, at least one described clothes of display
The corresponding relation that each self-corresponding Function Identification of device and the authority items of being engaged in are identified;In response to being identified including user, function mark to be opened
Know and the priority assignation of authority items to be opened mark is instructed, be that user's mark sets the Function Identification to be opened corresponding
The access right of the authority items mark to be opened.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710278548.6A CN107196915B (en) | 2017-04-25 | 2017-04-25 | Permission setting method, device and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710278548.6A CN107196915B (en) | 2017-04-25 | 2017-04-25 | Permission setting method, device and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107196915A true CN107196915A (en) | 2017-09-22 |
| CN107196915B CN107196915B (en) | 2020-02-14 |
Family
ID=59873363
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710278548.6A Expired - Fee Related CN107196915B (en) | 2017-04-25 | 2017-04-25 | Permission setting method, device and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107196915B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108173839A (en) * | 2017-12-26 | 2018-06-15 | 北京奇虎科技有限公司 | Right management method and system |
| CN110286907A (en) * | 2019-06-25 | 2019-09-27 | 北京明略软件系统有限公司 | A kind of display methods and device of common button component |
| CN114338059A (en) * | 2020-09-28 | 2022-04-12 | 腾讯科技(深圳)有限公司 | Application opening method, device, terminal and storage medium |
| CN115248933A (en) * | 2021-04-26 | 2022-10-28 | 北京字跳网络技术有限公司 | Authority setting method, device, equipment and medium |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101388797A (en) * | 2008-11-05 | 2009-03-18 | 杭州华三通信技术有限公司 | Method for realizing authority control in network management and network management system |
| CN103188249A (en) * | 2011-12-31 | 2013-07-03 | 北京亿阳信通科技有限公司 | Concentration permission management system, authorization method and authentication method thereof |
| US20140298481A1 (en) * | 2013-03-29 | 2014-10-02 | Jive Software, Inc. | Entitlements determination via access control lists |
| CN104951527A (en) * | 2015-06-12 | 2015-09-30 | 深圳互娱网络科技有限公司 | System and method for rapid configuration of database management background |
| CN104992118A (en) * | 2015-06-30 | 2015-10-21 | 北京奇虎科技有限公司 | Unified permission management method and system for multiple service systems |
| CN105184145A (en) * | 2015-08-17 | 2015-12-23 | 深圳中兴网信科技有限公司 | Permission management method and management apparatus |
| CN106301940A (en) * | 2016-08-25 | 2017-01-04 | 厦门易灵网络科技有限公司 | A kind of authority configuring method |
-
2017
- 2017-04-25 CN CN201710278548.6A patent/CN107196915B/en not_active Expired - Fee Related
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101388797A (en) * | 2008-11-05 | 2009-03-18 | 杭州华三通信技术有限公司 | Method for realizing authority control in network management and network management system |
| CN103188249A (en) * | 2011-12-31 | 2013-07-03 | 北京亿阳信通科技有限公司 | Concentration permission management system, authorization method and authentication method thereof |
| US20140298481A1 (en) * | 2013-03-29 | 2014-10-02 | Jive Software, Inc. | Entitlements determination via access control lists |
| CN104951527A (en) * | 2015-06-12 | 2015-09-30 | 深圳互娱网络科技有限公司 | System and method for rapid configuration of database management background |
| CN104992118A (en) * | 2015-06-30 | 2015-10-21 | 北京奇虎科技有限公司 | Unified permission management method and system for multiple service systems |
| CN105184145A (en) * | 2015-08-17 | 2015-12-23 | 深圳中兴网信科技有限公司 | Permission management method and management apparatus |
| CN106301940A (en) * | 2016-08-25 | 2017-01-04 | 厦门易灵网络科技有限公司 | A kind of authority configuring method |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108173839A (en) * | 2017-12-26 | 2018-06-15 | 北京奇虎科技有限公司 | Right management method and system |
| CN110286907A (en) * | 2019-06-25 | 2019-09-27 | 北京明略软件系统有限公司 | A kind of display methods and device of common button component |
| CN110286907B (en) * | 2019-06-25 | 2022-11-15 | 北京明略软件系统有限公司 | Display method and device of public button assembly |
| CN114338059A (en) * | 2020-09-28 | 2022-04-12 | 腾讯科技(深圳)有限公司 | Application opening method, device, terminal and storage medium |
| CN115248933A (en) * | 2021-04-26 | 2022-10-28 | 北京字跳网络技术有限公司 | Authority setting method, device, equipment and medium |
| CN115248933B (en) * | 2021-04-26 | 2024-06-11 | 北京字跳网络技术有限公司 | Authority setting method, device, equipment and medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107196915B (en) | 2020-02-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20220179993A1 (en) | System and Methods for Privacy Management | |
| Elyas et al. | Towards a systemic framework for digital forensic readiness | |
| CN107196915A (en) | Authority setting method, apparatus and system | |
| CN110035049A (en) | Earlier cyber-defence | |
| CN107667370A (en) | Abnormal account is detected using event log | |
| CN109034661A (en) | User identification method, device, server and storage medium | |
| Li et al. | Security attack analysis using attack patterns | |
| CN106888106A (en) | The extensive detecting system of IT assets in intelligent grid | |
| US20190370477A1 (en) | Systems & Methods for Automated Threat Model Generation from Third Party Diagram Files | |
| CN107220142A (en) | Perform the method and device of data recovery operation | |
| US11568059B2 (en) | Systems and methods for automated threat model generation from diagram files | |
| CN103678446B (en) | Improved mode map based on Data View and database table | |
| CN110278201A (en) | Security strategy evaluation method and device, computer-readable medium and electronic equipment | |
| Al-Dhaqm et al. | Model derivation system to manage database forensic investigation domain knowledge | |
| CN107566350A (en) | Security configuration vulnerability monitoring method, apparatus and computer-readable recording medium | |
| CN107665164A (en) | Secure data detection method and device | |
| US8839449B1 (en) | Assessing risk of information leakage | |
| CN108701339A (en) | Strategy is extracted from natural language document to control for physical access | |
| CN107885634A (en) | The treating method and apparatus of abnormal information in monitoring | |
| Kothia et al. | Knowledge extraction and integration for information gathering in penetration testing | |
| CN107222330A (en) | A kind of intelligent identifying system request and the method for response sensitive content | |
| CN108200776A (en) | For determining the system and method for the safe class of unknown applications | |
| CN110059491A (en) | Data import monitoring method, device, equipment and readable storage medium storing program for executing | |
| Wen et al. | Ontology-based scenario modeling for cyber security exercise | |
| Stahl et al. | Intelligence Techniques in Computer Security and Forensics: at the boundaries of ethics and law |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20210208 Address after: 101300 309, 3rd floor, 60 Fuqian 1st Street, Tianzhu District, Shunyi District, Beijing Patentee after: Beijing longzhixin Technology Co.,Ltd. Address before: 100041 room 120, 4th floor, building 17, yard 30, Shixing street, Shijingshan District, Beijing Patentee before: BEIJING PANDA MUTUAL ENTERTAINMENT TECHNOLOGY Co.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20200214 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |