CN108416195A - Cross-platform user permission management method, apparatus, computer device and storage medium

Info

Publication number: CN108416195A
Authority: CN (China)
Prior art keywords: user, platform, permission, original, target
Legal status: Granted (Active)
Application number: CN201810161846.1A
Other languages: Chinese (zh)
Other versions: CN108416195B (en)
Inventor: 白益仲
Current Assignee: Ping An Technology Shenzhen Co Ltd
Original Assignee: Ping An Technology Shenzhen Co Ltd
Application filed by: Ping An Technology Shenzhen Co Ltd
Priority to: CN201810161846.1A (patent CN108416195B)
Priority to: PCT/CN2018/081507 (patent WO2019165668A1)
Publication of CN108416195A; application granted; publication of CN108416195B
Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention discloses a cross-platform user permission management method, apparatus, computer device and storage medium. The cross-platform user permission management method includes: obtaining original user permission management data sent by at least two business platforms, where the original user permission management data includes an original user ID, a user role and an original user permission, and is associated with a platform identifier; based on the user role, integrating the original user permissions in the at least two business platforms to obtain a target user permission corresponding to each original user ID; if the target user permission carries a cross-platform identifier, obtaining at least two target platform identifiers corresponding to the cross-platform identifier; and sending the target user permission to the business platforms corresponding to the at least two target platform identifiers. The method gives a user permission to access associated business platforms, realizes cross-platform user permission management, improves the efficiency of user permission management, and reduces management and maintenance costs.

Description

Cross-platform user permission management method, apparatus, computer device and storage medium
Technical field
The present invention relates to the field of big data processing, and in particular to a cross-platform user permission management method, apparatus, computer device and storage medium.
Background
Permission management generally means that, according to the security rules or security policies set by a system, a user can access the resources that he or she is authorized to access, and only those resources. User permissions address the question of which resources a user can access or operate on.
For reasons of platform security and actual business requirements, the business systems corresponding to different business platforms may support different database types; for example, several business systems may support Oracle, MySQL, SQL Server and so on respectively. These differences and customizations in the databases mean that the business system of each business platform has to handle data permission control itself, which makes management and maintenance difficult. For example, a group company currently needs to configure different business systems for different business requirements, according to the security considerations of those requirements. For reasons of platform security, the business system of each business platform usually configures, for the users of that platform, user permissions to access the platform's resources. At present each user can only access the resources on his or her own business platform according to his or her own user permissions, and cannot access the corresponding resources of other associated business platforms, which is inconvenient for the user. Moreover, the user permission management logic of the different business platforms is currently independent of each other, so management and maintenance costs are high.
Summary of the invention
Embodiments of the present invention provide a cross-platform user permission management method, apparatus, computer device and storage medium, to solve the problem that users on different business platforms can currently access only their own business platform.
In a first aspect, an embodiment of the present invention provides a cross-platform user permission management method, including:
obtaining original user permission management data sent by at least two business platforms, where the original user permission management data includes an original user ID, a user role and an original user permission, and the original user permission management data is associated with a platform identifier;
based on the user role, integrating the original user permissions in the at least two business platforms to obtain a target user permission corresponding to each original user ID;
if the target user permission carries a cross-platform identifier, obtaining at least two target platform identifiers corresponding to the cross-platform identifier;
sending the target user permission to the business platforms corresponding to the at least two target platform identifiers.
In a second aspect, an embodiment of the present invention provides a cross-platform user permission management apparatus, including:
an original user permission management data acquisition module, configured to obtain original user permission management data sent by at least two business platforms, where the original user permission management data includes an original user ID, a user role and an original user permission, and the original user permission management data is associated with a platform identifier;
a target user permission acquisition module, configured to integrate, based on the user role, the original user permissions in the at least two business platforms to obtain a target user permission corresponding to each original user ID;
a target platform identifier acquisition module, configured to obtain, if the target user permission carries a cross-platform identifier, at least two target platform identifiers corresponding to the cross-platform identifier;
a target user permission sending module, configured to send the target user permission to the business platforms corresponding to the at least two target platform identifiers.
In a third aspect, an embodiment of the present invention provides a computer device, including a memory, a processor, and a computer program stored in the memory and runnable on the processor, where the processor implements the steps of the cross-platform user permission management method when executing the computer program.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium storing a computer program, where the computer program implements the steps of the cross-platform user permission management method when executed by a processor.
In the cross-platform centralized permission management method, apparatus, computer device and storage medium provided by the embodiments of the present invention, a user permission management system integrates the original permission management data of different business platforms based on user role to obtain the target user permission. The user permission management system then sends the target user permission to the business platform corresponding to the target platform identifier, so that the user can see his or her own target user permission on his or her own business platform, and the associated platform can obtain the user's user permission on the associated platform. This realizes cross-platform management of user permissions while improving the efficiency of user permission management and reducing management and maintenance costs.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described below are obviously only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the cross-platform user permission management method in Embodiment 1 of the present invention.
Fig. 2 is a detailed schematic diagram of step S20 in Fig. 1.
Fig. 3 is another flow chart of the cross-platform user permission management method in Embodiment 1 of the present invention.
Fig. 4 is a functional block diagram of the cross-platform user permission management apparatus in Embodiment 2 of the present invention.
Fig. 5 is a schematic diagram of the computer device in Embodiment 4 of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are obviously some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Embodiment 1
Fig. 1 shows the flow chart of the cross-platform user permission management method in this embodiment. The method is applied in a user permission management system, which is connected to different business platforms and centrally manages the user permissions of the users in those platforms, so that a user in one business platform has access rights to other associated business platforms. This realizes cross-platform user permission management, improves the efficiency of user permission management, and reduces maintenance cost. As shown in Fig. 1, the cross-platform user permission management method includes the following steps:
S10: Obtain the original user permission management data sent by at least two business platforms. The original user permission management data includes an original user ID, a user role and an original user permission, and is associated with a platform identifier.
Here, a business platform is a platform that carries out business processing online, including but not limited to the company's own business platform, a financial platform and a third-party outsourcing platform. Each business platform has a corresponding platform identifier, which uniquely identifies that business platform.
Original user permission management data is the user permission management data that each business platform grants to its platform users. User permission management data is the data that associates each user with his or her user permissions. In this embodiment, each piece of original user permission management data is associated with a platform identifier, so that the user permission management system can determine the source of the data from the platform identifier. Original user permission management data includes an original user ID, a user role and an original user permission.
The original user ID is the identifier that uniquely identifies a user's identity within a business platform. It can be composed of the platform identifier and a number, which distinguishes users on different business platforms. For example, if a user's business platform is A, the original user ID is A + number. In this embodiment, the numbers of the user IDs of the different business platforms within one group company are all different. Because a user's number is unique within the group company, the user's permission management data can conveniently be managed through the user ID when the user's position later changes.
A user role is a way of grouping users to make users and user permissions easier to manage: a group of users with the same user permissions is organized together, and such a group is called a role. Within one business platform, each user role has different user permissions. For example, business platform A has two types of user, business managers and business staff, whose user permissions differ: a business manager's user permission in business platform A is a1+a2+a3, and a business staff member's user permission in business platform A is a1+a2. To make users and user permissions easier to manage, business platform A assigns business managers and business staff to different user roles: the user role of a business manager is manager-level user, and the user role of a business staff member is employee-level user.
The original user permission is the user permission, under the security rules or security policies set by the business platform, to access the resources the user is authorized for in that business platform. It is determined by the user role and restricts which resources in the business platform the user can access and call.
Because the original user permission management data of all business platforms can be stored on a big data platform, the user permission management system can obtain the original user permission management data of at least two business platforms directly from the big data platform. Because the original user permission management data is associated with a platform identifier, the original user ID, user role and original user permission in it are all associated with that platform identifier, which makes it easy to tell which business platform each of them belongs to. The user permission management system can thus obtain the original user permission management data of different business platforms and manage the data of all business platforms in a unified way.
S20: Based on the user role, integrate the original user permissions in the at least two business platforms to obtain the target user permission corresponding to each original user ID.
The target user permission is the user permission obtained by aggregating the user permissions that the user corresponding to an original user ID has in the different business platforms.
Based on the user role, the user permission management system obtains the original user permissions corresponding to the original user ID in the different business platforms and integrates the original user permissions that correspond to that original user ID in the at least two business platforms. The aggregate of all original user permissions corresponding to the original user ID across the different business platforms is the target user permission of that original user ID.
For example, the user whose original user ID in business platform A is A01 has the original user permission a1+a2+a3 in business platform A. Because this user's user role is manager-level user, the user has the user permission to view, on other business platforms, the employee-level users below the manager-level user. For example, the original user permission that user A01 has in business platform B is b1+b2, and the original user permission that the user has in business platform C is c1. The user permission management system integrates the original user permissions corresponding to user A01 in business platform A, business platform B and business platform C, and obtains a1+a2+a3+b2+c1 as the user permission corresponding to A01; the target user permission of user A01 is therefore a1+a2+a3+b2+c1.
Integrating the original user permissions in the at least two business platforms into a target user permission for each original user ID makes it easy to obtain the user permissions of each original user ID in the different business platforms.
S30: If the target user permission carries a cross-platform identifier, obtain the at least two target platform identifiers corresponding to the cross-platform identifier.
A cross-platform identifier is an identifier indicating that the user permissions in the target user permission correspond to two or more kinds of platform identifier. When the target user permission contains at least two original user permissions, each with its own platform identifier, the target user permission includes at least two platform identifiers and carries the cross-platform identifier; the target platform identifiers corresponding to the target user permission are obtained on the basis of this cross-platform identifier. A target platform identifier is the platform identifier corresponding to a user permission included in the target user permission.
The system determines whether the target user permission carries at least two target platform identifiers. If it does, a cross-platform identifier is generated so that the target user permission carries the cross-platform identifier, and the user permission management system can obtain the at least two target platform identifiers in the target user permission.
For example, if the target user permission of user A01 is a1+a2+a3+b2+c1, the platform identifier corresponding to a1+a2+a3 is A, the platform identifier corresponding to b2 is B, and the platform identifier corresponding to c1 is C, so the target platform identifiers of the target user permission are A, B and C. Once the target platform identifiers have been obtained, step S40 can send the target user permission to the business platforms corresponding to them.
S40: Send the target user permission to the business platforms corresponding to the at least two target platform identifiers.
After obtaining the target user permission, the user permission management system can send it to the business platform corresponding to each target platform identifier, based on the at least two target platform identifiers in the target user permission. If an original user ID belongs to only one business platform, its target user permission stores only its own original user permission and includes only the platform identifier corresponding to that original user ID. In that case the target user permission does not need to be fed back to the business platform corresponding to the original user ID, because that business platform already stores the corresponding target user permission; this avoids repeated processing.
After sending the target user permission to the business platforms corresponding to the at least two target platform identifiers, the user permission management system sends the associated user permission in the target user permission, together with the corresponding original user ID, to the associated business platform corresponding to the associated user permission identifier. The associated user permission is any user permission in the target user permission that is not part of the original user permission corresponding to the user ID. The associated user permission identifier is the platform identifier carried in the associated user permission. The associated business platform is the business platform corresponding to the associated user permission identifier.
For example, if the target user permission of user A01 is a1+a2+a3+b2+c1, then a1+a2+a3 is the original user permission of user A01, and b2 and c1 are the associated user permissions of A01. After sending a1+a2+a3+b2+c1 to business platform A, which corresponds to user A01, the user permission management system sends b2 and user A01 to associated business platform B, and sends c1 and user A01 to associated business platform C.
Sending the target user permission to the business platform corresponding to the original user ID lets user A01 keep, on the original business platform, all user permissions that belong to him or her, which makes it easy for the user to know which user permissions can be used in the different business platforms. Sending the associated user permission and the corresponding original user ID to the associated business platform corresponding to the associated user permission identifier, without sending the other user information of user A01 to the associated business platform, effectively ensures that the user information of user A01 is not leaked in the associated business platform, while still ensuring that user A01 can access the corresponding resources of the associated business platform.
In steps S10 to S40, the user permission management system obtains the original user permission management data sent by at least two business platforms, integrates the original user permissions in the at least two business platforms based on the user role to obtain the target user permission corresponding to each original user ID, and sends the target user permission to the business platform corresponding to each target platform identifier. The user can then see his or her own target user permission on his or her own business platform, and the associated platform can obtain the user's user permission on the associated platform. This realizes cross-platform management of user permissions, improves the efficiency of user permission management and reduces maintenance cost, and avoids the high management and maintenance costs caused by managing the user permissions of each business platform separately.
In a specific embodiment, the target user permission is sent to the business platforms corresponding to the at least two target platform identifiers using a preset URI.
A URI (Uniform Resource Identifier) is a resource identifier based on the http or https protocol, which allows a user to interact with any resource (local or on the internet) through a specific protocol. A URI is defined by a scheme that determines its syntax and the related protocol. Every resource available on the Web, such as an HTML document, an image, a video clip or a program, is located by a URI.
The http or https protocol here is the format and communication protocol for transmitting user permission management data agreed between the business platform and the user permission management system, and is stored in advance on the server. The URI is a character string that identifies the name of an internet resource. Using this protocol to transmit data between the user permission management system and the business platforms avoids the problem of data not being transferable between incompatible platforms, and so ensures that cross-platform management of user permissions can be realized.
Specifically, after obtaining the target user permission, the user permission management system requests, in real time, the URI stored in advance on the server, and sends the target user permission to the business platforms corresponding to the at least two target platform identifiers based on that URI. After receiving the corresponding target user permission, a business platform compares it with the original user permission management data stored locally on that platform and modifies the local original user permission management data to be consistent with the target user permission sent by the user permission management system, so that the user permission management data on the business platform and in the user permission management system stay consistent. This step makes the transmission of user permission management data real-time, and avoids the problem of the user permission management data in the user permission management system being updated while the data on the business platform is not updated in time.
In this embodiment, sending the target user permission to the business platforms corresponding to the at least two target platform identifiers using a preset URI allows the original user permission management data of the different business platforms to be managed in a unified way, and allows the user permission management data in the user permission management system and in the different business platforms to be updated in real time.
In this cross-platform centralized permission management method, the user permission management system obtains the user role, integrates the original user permissions in the at least two business platforms to obtain the target user permission corresponding to each original user ID in the at least two business platforms, and sends the target user permission to the business platforms corresponding to the at least two target platform identifiers, thereby realizing cross-platform management across multiple business platforms based on the stored user permission management data.
In a specific embodiment, as shown in Fig. 2, step S20 (based on the user role, integrate the original user permissions in the at least two business platforms to obtain the target user permission corresponding to each original user ID) specifically includes the following steps:
S21: Based on the user role, determine the associated user level of the user role in the associated business platform.
The associated user level is the level of the user role in the associated business platform. User levels correspond to user roles, and different user roles have different user levels in different business platforms. For example, in business platform A, a user whose user role is manager-level user has user level one, and a user whose user role is employee-level user has user level two. Level one and level two are the user levels of the different user roles in the business platform. The associated user level corresponds to the user role in the associated platform.
In this embodiment, the user levels corresponding to a user role differ between business platforms. For example, a manager-level user has user level one in business platform A and associated user level two in associated business platform C, where associated business platform C is an associated business platform of business platform A.
In a specific embodiment, step S21 (based on the user role, determine the associated user level of the user role in the associated business platform) specifically includes the following step: based on the user role, use a preset user level conversion table to determine the associated user level of the user role in the associated business platform.
The user level conversion table is the table that converts the level of the same user role between different business platforms. It includes the user ID, the user role, and the user levels in the different business platforms. The user level of the same user role in different business platforms can be determined from the user level conversion table; the table gives the associated user level of the user role in the associated business platform, and hence the associated user level of the same user ID in the associated business platform. Determining the associated user level of the user role in the associated business platform allows step S22 to obtain the user's associated user permission.
S22: In the associated business platform, take the original user permissions below the associated user level as the associated user permission.
The associated user permission is the user permission, in the associated business platform, corresponding to the user levels below the associated user level determined from the user role.
A user's user permission in an associated business platform can include only the original user permissions of that associated business platform that are below the user's associated user level there. This prevents any user from gaining cross-platform access to resources of the same user level in the associated business platform, and so satisfies the security rules and security policies of each business platform.
For example, suppose the user role of a business manager of business platform A is level one in business platform A, business platform B is an associated business platform of business platform A, and the business manager's user role in business platform B is also level one. Because the business manager of business platform A is not a user of business platform B, the business manager's associated user permission in business platform B is the user permissions of business platform B whose user level is level two and below level two.
S23: Integrate the associated user permission and the original user permission corresponding to each original user ID as the target user permission.
In this embodiment, the user role corresponding to each original user ID also has a corresponding user role and associated user permission in the associated business platform. The user permission management system can integrate the associated user permission and the original user permission corresponding to the same original user ID as the target user permission of that original user ID. The target user permission of each original user ID reflects all user permissions of the corresponding user in every business platform, which realizes cross-platform management of user permissions, so that each user can access the corresponding associated business platforms on the basis of the target user permission.
In a specific embodiment, as shown in Fig. 3, the cross-platform user permission management method further includes the following steps:
S51: Obtain a user permission change request. The request includes changed user permission management data, and the changed user permission management data includes a changed user ID or a changed role.
A user permission change request is a request that a business platform sends to the user permission management system in order to change user permissions. When a user ID or user role changes, the corresponding original user permissions change as well, and the changed user permissions must be sent to the user permission management system. Whenever a user ID or user role changes on a business platform, the platform therefore sends a user permission change request to the user permission management system.
The user permission change request includes changed user permission management data, which is the permission management data after the user's change. The changed user permission management data includes the changed user ID and the changed role.
A changed user ID arises when a user transfers from one business platform to another and the user ID corresponding to that user has to be changed; the user ID after the change is called the changed user ID. When a user transfers from one business platform to another, the user's original user ID becomes the platform identifier of the new platform plus the number. For example, when a user whose original user ID is A01 transfers from business platform A to business platform B, the user's original user ID becomes B01, and B01 is the user's changed user ID. User IDs on all business platforms belonging to the same group company are numbered under a single coding rule. Under this rule, the number of each user is never repeated across the business platforms: it is unique, and one number corresponds to exactly one user. Because each user number is unique, when user A01 transfers from business platform A to business platform B only the platform identifier of the user has to be changed; the user number in the user's original user ID does not need to change, which simplifies management.
A changed role is the user role that applies after a user's role changes. In this embodiment, when a user is promoted or demoted, the corresponding user role changes as well, and the user role after the change is called the changed role. For example, after user A02 is promoted from business person to office manager on business platform A, the corresponding user role changes from employee-grade user to manager-grade user, and manager-grade user is the user's changed role.
After obtaining the changed user ID and the changed role, the business platform can send them to the user permission management system, so that the user permission management system processes the user permission change on the basis of the changed user ID and the changed role.
S52: Based on the changed role, obtain the changed user permission management data, integrate the changed user permission management data of the at least two business platforms, and obtain the changed user permissions corresponding to each original user ID.
Changed user permissions are the target user permissions corresponding to the changed role. The changed user permission management data also includes changed user permissions; within one business platform, the original user permissions corresponding to each changed role are the changed user permissions. For example, business person A02 on business platform A is promoted to office manager on platform A, so the changed role is manager-grade user. The original user permissions of a manager-grade user on platform A are a1+a2+a3, so a1+a2+a3 are the changed user permissions of A02 after the change from business person to office manager on platform A.
When the original user ID stays the same and the user role changes, the user permissions of that original user ID on the corresponding business platform change as well. After the user role changes, the business platform sends the changed user permission management data corresponding to the changed role to the big data platform for storage, and the big data platform sends that data to the user permission management system. The user permission management system integrates the changed user permission management data on the basis of the changed role: it integrates the changed user permissions that belong to the same user ID on each business platform and obtains the changed user permissions corresponding to each original user ID.
For example, business person A02 on business platform A is promoted to office manager on platform A, and the original user permissions of an office manager on platform A are a1+a2+a3. The user grade of A02 is level one. From step S20, user A02 has corresponding original user permissions b2 on business platform B and c1 on business platform C. Based on the changed user role, the user permission management system integrates the user permission management data corresponding to the same user ID on at least one business platform. The changed user permissions corresponding to the changed role are a1+a2+a3+b2+c1, so the changed user permissions of user A02 are a1+a2+a3+b2+c1.
S53: Based on the changed user ID, obtain the changed user permission management data, integrate the changed user permission management data of the at least two business platforms, and obtain the changed user permissions corresponding to the changed user ID.
When the original user ID changes and becomes a changed user ID while the user role does not change, the original user permissions of the user role corresponding to the changed user ID are looked up on the business platform indicated by the platform identifier associated with the changed user ID. For example, after a user whose original user ID is A01 on business platform A transfers to business platform B, the corresponding changed user ID is B01. The transfer of user B01 from platform A to platform B is a transfer at the same grade, that is, the user role does not change and is still manager-grade user on platform B. The original user permissions of a manager-grade user on platform B are b1+b2, so the changed user permissions on platform B for changed user ID B01 are b1+b2.
After the user permission management system receives the changed user permission management data sent by a business platform, it can look up, based on the user role corresponding to the changed user ID, the associated user permissions on the associated business platforms related to that business platform. It then integrates the user permissions in the changed user permission management data with the associated user permissions and obtains the changed user permissions corresponding to the changed user ID. For example, after receiving the changed user permission management data sent by business platform B, the user permission management system can look up, based on the user role corresponding to B01, the associated user permissions on associated business platform A, which is related to platform B, and obtain a2+a3+b1+b2 as the changed user permissions corresponding to B01.
S54: Send the changed user permissions to the corresponding business platform.
After obtaining the changed user permissions, the user permission management system can send them, based on the at least two platform identifiers in the changed user permissions, to the business platform corresponding to each target platform identifier. If the changed user ID belongs to a particular business platform, the target user permissions are sent to the business platform corresponding to the changed user ID, based on the platform identifier contained in the changed user ID. After sending the changed user permissions to the business platform corresponding to the changed user ID, the user permission management system sends the associated user permissions in the changed user permissions, together with the corresponding original user ID, to the associated business platform corresponding to the associated user permission identifier, so that the associated business platform can promptly update its own user permission management data. When a change of user role or of original user ID causes the corresponding user permissions to change, the permission management system can obtain the changed user permissions from the changed user permission management data carried in the user permission change request, which makes it easier for permission administrators to maintain and manage the permission management data.
In this cross-platform centralized permission management method, the user permission management system integrates the original permission management data of the different business platforms on the basis of the user role and obtains the target user permissions. The user permission management system then sends the target user permissions, through a pre-set URI, to the business platform corresponding to the target platform identifier, so that users can see their own target user permissions on their own business platform and the associated platform can also obtain the user's permissions on the associated platform. This achieves cross-platform management of user permissions. When a change of user role or of original user ID causes the corresponding user permissions to change, the permission management system can obtain the changed user permissions from the changed user permission management data carried in the user permission change request, which makes it easier for permission administrators to maintain and manage the permission management data.
It should be understood that the sequence numbers of the steps in the above embodiment do not imply an order of execution. The execution order of each process is determined by its function and internal logic and does not limit the implementation of the embodiments of the present invention in any way.
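The role-based integration of steps S21 to S23 and the change handling of steps S52 and S53, as an added Python example that is not part of the patent text. The two-platform tables, the one-letter platform identifier, the convention that grade 1 is the most senior grade, the "auditor" role and all function names are assumptions made here; platform C from the worked example is left out because its grade table does not appear in this section.

```python
# Added illustration of steps S21-S23 and S52/S53; not code from the patent.
# All data is constructed. Assumptions: grade 1 is the most senior grade, a
# user holds the permissions of their own grade and of every grade below it,
# and a user ID is a one-letter platform identifier followed by a number.

PLATFORM_GRADE_PERMS = {
    "A": {1: {"a1"}, 2: {"a2"}, 3: {"a3"}},
    "B": {1: {"b1"}, 2: {"b2"}},
}
ASSOCIATED = {"A": ["B"], "B": ["A"]}  # associated business platforms

# User grade conversion table: role -> user grade on each platform.
# "auditor" is deliberately unmapped on platform B to show the fail-closed path.
GRADE_CONVERSION = {
    "manager": {"A": 1, "B": 1},
    "employee": {"A": 2, "B": 2},
    "auditor": {"A": 3},
}


def platform_of(user_id):
    """Return the platform identifier that prefixes a user ID such as 'A01'."""
    platform = user_id[:1]
    if platform not in PLATFORM_GRADE_PERMS or not user_id[1:].isdigit():
        raise ValueError(f"malformed or unknown user ID: {user_id!r}")
    return platform


def transfer_user_id(user_id, new_platform):
    """Changed user ID: only the platform identifier changes, not the number."""
    platform_of(user_id)  # validates the existing ID
    if new_platform not in PLATFORM_GRADE_PERMS:
        raise ValueError(f"unknown platform: {new_platform!r}")
    return new_platform + user_id[1:]


def perms_from_grade(platform, grade, inclusive):
    """Permissions of every grade below `grade`, plus `grade` if inclusive."""
    granted = set()
    for g, perms in PLATFORM_GRADE_PERMS[platform].items():
        if g > grade or (inclusive and g == grade):
            granted |= perms
    return granted


def original_permissions(platform, role):
    """Original user permissions of a role on its own platform."""
    return perms_from_grade(platform, GRADE_CONVERSION[role][platform], True)


def associated_permissions(home, role):
    """S21 + S22: per associated platform, permissions strictly below the
    associated user grade. A role missing from the table gets nothing."""
    result = {}
    for other in ASSOCIATED.get(home, []):
        grade = GRADE_CONVERSION.get(role, {}).get(other)
        if grade is None:
            result[other] = set()  # fail closed: no mapping, no access
        else:
            result[other] = perms_from_grade(other, grade, False)
    return result


def target_permissions(user_id, role):
    """S23: union of original and associated user permissions."""
    home = platform_of(user_id)
    target = set(original_permissions(home, role))
    for perms in associated_permissions(home, role).values():
        target |= perms
    return target


def apply_change(user_id, role, new_role=None, new_platform=None):
    """S52/S53: recompute from the tables after a role or ID change, so that
    nothing granted under the previous role or platform is carried over."""
    if new_platform is not None:
        user_id = transfer_user_id(user_id, new_platform)
    if new_role is not None:
        role = new_role
    return user_id, role, target_permissions(user_id, role)


if __name__ == "__main__":
    print(sorted(target_permissions("A02", "manager")))
    print(apply_change("A01", "manager", new_platform="B"))
```
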
Embodiment 2
Fig. 4 shows a functional block diagram of the cross-platform user permission management apparatus that corresponds one-to-one to the cross-platform user permission management method of Embodiment 1. As shown in Fig. 4, the cross-platform user permission management apparatus includes an original user permission management data acquisition module 10, a target user permission acquisition module 20, a target platform identifier acquisition module 30 and a target user permission sending module 40. The functions implemented by the original user permission management data acquisition module 10, the target user permission acquisition module 20, the target platform identifier acquisition module 30 and the target user permission sending module 40 correspond one-to-one to the steps of the cross-platform user permission management method in the embodiment; to avoid repetition, they are not described in detail one by one in this embodiment.
The original user permission management data acquisition module 10 is configured to obtain the original user permission management data sent by at least two business platforms. The original user permission management data includes an original user ID, a user role and original user permissions, and is associated with a platform identifier.
The target user permission acquisition module 20 is configured to integrate, based on the user role, the original user permissions of the at least two business platforms and obtain the target user permissions corresponding to each original user ID.
The target platform identifier acquisition module 30 is configured to obtain, if the target user permissions carry a cross-platform identifier, the at least two target platform identifiers corresponding to the cross-platform identifier.
The target user permission sending module 40 is configured to send the target user permissions to the business platforms corresponding to the at least two target platform identifiers.
Preferably, the target user permission acquisition module 20 includes a user grade acquisition unit 21, an associated user permission acquisition unit 22 and a target user permission acquisition unit 23.
The user grade acquisition unit 21 is configured to determine, based on the user role, the associated user grade of the user role on the associated business platform.
The associated user permission acquisition unit 22 is configured to take, on the associated business platform, the original user permissions below the associated user grade as the associated user permissions.
The target user permission acquisition unit 23 is configured to integrate the associated user permissions and the original user permissions corresponding to each original user ID and take the result as the target user permissions.
Preferably, the user grade acquisition unit 21 is configured to determine, based on the user role and using a pre-set user grade conversion table, the associated user grade of the user role on the associated business platform.
Preferably, the target user permission sending module 40 is configured to send the target user permissions to the business platform corresponding to the original user ID, and to send the associated user permissions in the target user permissions, together with the corresponding original user ID, to the associated business platform.
Preferably, the target user permission sending module 40 is configured to send the target user permissions, using a pre-set URI, to the business platforms corresponding to the at least two target platform identifiers.
Preferably, the cross-platform user permission management apparatus further includes a user permission change request acquisition module 51, a first changed user permission acquisition module 52, a second changed user permission acquisition module 53 and a changed user permission sending module 54.
The user permission change request acquisition module 51 is configured to obtain a user permission change request. The request includes changed user permission management data, and the changed user permission management data includes a changed user ID or a changed role.
The first changed user permission acquisition module 52 is configured to obtain, based on the changed role, the changed user permission management data, integrate the changed user permission management data of the at least two business platforms, and obtain the changed user permissions corresponding to each original user ID.
The second changed user permission acquisition module 53 is configured to obtain, based on the changed user ID, the changed user permission management data, integrate the changed user permission management data of the at least two business platforms, and obtain the changed user permissions corresponding to the changed user ID.
The changed user permission sending module 54 is configured to send the changed user permissions to the corresponding business platform.
Embodiment 3
This embodiment provides a computer-readable storage medium on which a computer program is stored. When the computer program is executed by a processor, it implements the cross-platform user permission management method of Embodiment 1; to avoid repetition, the details are not described again here. Alternatively, when the computer program is executed by a processor, it implements the functions of the modules and units of the cross-platform user permission management apparatus of Embodiment 2; to avoid repetition, the details are not described again here.
It should be understood that the computer-readable storage medium may include any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, a computer memory, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), an electrical carrier signal, a telecommunication signal, and so on.
Embodiment 4
Fig. 5 is a schematic diagram of the computer device provided by an embodiment of the present invention. As shown in Fig. 5, the computer device 60 of this embodiment includes a processor 61, a memory 62, and a computer program 63 that is stored in the memory 62 and can run on the processor 61. When the processor 61 executes the computer program 63, it implements the steps of the cross-platform user permission management method of Embodiment 1, for example steps S10 to S40 shown in Fig. 1. Alternatively, when the processor 61 executes the computer program 63, it implements the functions of the modules and units of the cross-platform user permission management apparatus of Embodiment 2, for example the functions of the original user permission management data acquisition module 10, the target user permission acquisition module 20, the target platform identifier acquisition module 30 and the target user permission sending module 40 shown in Fig. 4; to avoid repetition, they are not described one by one here.
It will be clear to those skilled in the art that, for convenience and brevity of description, the division into the functional units and modules above is used only as an example. In practical applications, the functions described above may be assigned to different functional units or modules as needed, that is, the internal structure of the apparatus may be divided into different functional units or modules to complete all or part of the functions described above.
The embodiments described above are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents. Such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and they all fall within the protection scope of the present invention.

Claims (10)

1. A cross-platform user permission management method, characterized by comprising:
obtaining original user permission management data sent by at least two business platforms, the original user permission management data including an original user ID, a user role and original user permissions, and the original user permission management data being associated with a platform identifier;
integrating, based on the user role, the original user permissions of the at least two business platforms to obtain target user permissions corresponding to each original user ID;
if the target user permissions carry a cross-platform identifier, obtaining at least two target platform identifiers corresponding to the cross-platform identifier;
sending the target user permissions to the business platforms corresponding to the at least two target platform identifiers.
2. The cross-platform user permission management method according to claim 1, characterized in that integrating, based on the user role, the original user permissions of the at least two business platforms to obtain the target user permissions corresponding to each original user ID comprises:
determining, based on the user role, the associated user grade of the user role on an associated business platform;
taking, on the associated business platform, the original user permissions below the associated user grade as associated user permissions;
integrating the associated user permissions and the original user permissions corresponding to each original user ID, and taking the result as the target user permissions.
3. The cross-platform user permission management method according to claim 2, characterized in that determining, based on the user role, the associated user grade of the user role on the associated business platform comprises:
determining, based on the user role and using a pre-set user grade conversion table, the associated user grade of the user role on the associated business platform.
4. The cross-platform user permission management method according to claim 1, characterized in that sending the target user permissions to the business platforms corresponding to the at least two target platform identifiers comprises:
sending the target user permissions to the business platform corresponding to the original user ID, and sending the associated user permissions in the target user permissions, together with the corresponding original user ID, to the associated business platform.
5. The cross-platform user permission management method according to claim 1, characterized in that sending the target user permissions to the business platforms corresponding to the at least two target platform identifiers comprises:
sending the target user permissions, using a pre-set URI, to the business platforms corresponding to the at least two target platform identifiers.
6. The cross-platform user permission management method according to claim 1, characterized in that the cross-platform user permission management method further comprises:
obtaining a user permission change request, the user permission change request including changed user permission management data, and the changed user permission management data including a changed user ID or a changed role;
based on the changed role, obtaining the changed user permission management data, integrating the changed user permission management data of the at least two business platforms, and obtaining changed user permissions corresponding to each original user ID; or,
based on the changed user ID, obtaining the changed user permission management data, integrating the changed user permission management data of the at least two business platforms, and obtaining changed user permissions corresponding to the changed user ID;
sending the changed user permissions to the corresponding business platform.
7. A cross-platform user permission management apparatus, characterized by comprising:
an original user permission management data acquisition module, configured to obtain original user permission management data sent by at least two business platforms, the original user permission management data including an original user ID, a user role and original user permissions, and the original user permission management data being associated with a platform identifier;
a target user permission acquisition module, configured to integrate, based on the user role, the original user permissions of the at least two business platforms to obtain target user permissions corresponding to each original user ID;
a target platform identifier acquisition module, configured to obtain, if the target user permissions carry a cross-platform identifier, at least two target platform identifiers corresponding to the cross-platform identifier;
a target user permission sending module, configured to send the target user permissions to the business platforms corresponding to the at least two target platform identifiers.
8. The cross-platform user permission management apparatus according to claim 7, characterized in that the target user permission acquisition module comprises:
a user grade acquisition unit, configured to determine, based on the user role, the user grade of the user role on an associated business platform;
an associated user permission acquisition unit, configured to take, on the associated business platform, the original user permissions below the user grade as associated user permissions;
a target user permission acquisition unit, configured to integrate the associated user permissions and the original user permissions corresponding to each original user ID and take the result as the target user permissions.
9. A computer device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the steps of the cross-platform user permission management method according to any one of claims 1 to 6.
10. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the cross-platform user permission management method according to any one of claims 1 to 6.
CN201810161846.1A 2018-02-27 2018-02-27 Cross-platform user authority management method and device, computer equipment and storage medium Active CN108416195B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810161846.1A CN108416195B (en) 2018-02-27 2018-02-27 Cross-platform user authority management method and device, computer equipment and storage medium
PCT/CN2018/081507 WO2019165668A1 (en) 2018-02-27 2018-04-02 Cross-platform user rights management method, apparatus, computer device, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810161846.1A CN108416195B (en) 2018-02-27 2018-02-27 Cross-platform user authority management method and device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN108416195A true CN108416195A (en) 2018-08-17
CN108416195B CN108416195B (en) 2020-09-25

Family

ID=63129118

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810161846.1A Active CN108416195B (en) 2018-02-27 2018-02-27 Cross-platform user authority management method and device, computer equipment and storage medium

Country Status (2)

Country Link
CN (1) CN108416195B (en)
WO (1) WO2019165668A1 (en)

Also Published As

Publication number Publication date
CN108416195B (en) 2020-09-25
WO2019165668A1 (en) 2019-09-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant