CN108416195B - Cross-platform user authority management method and device, computer equipment and storage medium - Google Patents


Info

Publication number
CN108416195B
Authority
CN
China
Prior art keywords
user
platform
authority
original
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810161846.1A
Other languages
Chinese (zh)
Other versions
CN108416195A (en)
Inventor
白益仲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201810161846.1A (patent CN108416195B)
Priority to PCT/CN2018/081507 (patent WO2019165668A1)
Publication of CN108416195A
Application granted
Publication of CN108416195B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a cross-platform user authority management method, a cross-platform user authority management device, computer equipment and a storage medium. The cross-platform user authority management method comprises the following steps: acquiring original user authority management data sent by at least two service platforms, wherein the original user authority management data comprises an original user ID, a user role and an original user authority, and the original user authority management data is associated with a platform identifier; based on the user roles, the original user permissions in at least two service platforms are integrated, and a target user permission corresponding to each original user ID is obtained; if the target user authority carries the cross-platform identification, acquiring at least two target platform identifications corresponding to the cross-platform identification; and sending the target user authority to the service platform corresponding to the at least two target platform identifications. The method can enable the user to have the authority to access the associated service platform, realize cross-platform user authority management, improve the efficiency of user authority management and reduce the management and maintenance cost.

Description

Cross-platform user authority management method and device, computer equipment and storage medium
Technical Field
The invention relates to the field of big data processing, in particular to a cross-platform user authority management method and device, computer equipment and a storage medium.
Background
Authority management generally means that, under the security rules or security policies set by the system, a user can access the resources they are authorized for and only those resources. User authority determines which resources a user can access or operate on.
Because of platform security considerations and actual service requirements, the service systems corresponding to different service platforms may support different types of databases; for example, various service systems support Oracle, MySQL, SQL Server, and the like. These differences and customizations between databases mean that the service system corresponding to each service platform has to control data authority by itself, which makes management and maintenance difficult. For example, a group company currently needs to configure different service systems for different service requirements according to the security considerations of its actual service requirements. For platform security, the service systems corresponding to different service platforms usually configure, under each service platform, a user authority for accessing that service platform's resources. Currently, each user can only access the resources on the corresponding service platform according to their user authority and cannot access the resources of other associated service platforms, which is inconvenient for the user. Moreover, the user authority management logic of the different service platforms is mutually independent, so the management and maintenance cost is high.
Disclosure of Invention
The embodiment of the invention provides a cross-platform user authority management method, a cross-platform user authority management device, computer equipment and a storage medium, and aims to solve the problem that users on different current service platforms can only access the corresponding service platforms.
In a first aspect, an embodiment of the present invention provides a cross-platform user right management method, including:
acquiring original user authority management data sent by at least two service platforms, wherein the original user authority management data comprises an original user ID, a user role and an original user authority, and the original user authority management data is associated with a platform identifier;
based on the user roles, the original user permissions in at least two service platforms are integrated, and a target user permission corresponding to each original user ID is obtained;
if the target user authority carries a cross-platform identifier, acquiring at least two target platform identifiers corresponding to the cross-platform identifier;
and sending the target user authority to a service platform corresponding to at least two target platform identifications.
In a second aspect, an embodiment of the present invention provides a cross-platform user right management apparatus, including:
the system comprises an original user authority management data acquisition module, a platform identification acquisition module and a service platform management module, wherein the original user authority management data acquisition module is used for acquiring original user authority management data sent by at least two service platforms, the original user authority management data comprises an original user ID, a user role and an original user authority, and the original user authority management data is associated with the platform identification;
the target user authority acquisition module is used for integrating original user authorities in at least two service platforms based on the user roles and acquiring the target user authority corresponding to each original user ID;
a target platform identifier obtaining module, configured to obtain at least two target platform identifiers corresponding to cross-platform identifiers if the target user permission carries the cross-platform identifiers;
and the target user permission sending module is used for sending the target user permission to the service platforms corresponding to the at least two target platform identifications.
In a third aspect, an embodiment of the present invention provides a computer device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the cross-platform user right management method when executing the computer program.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the steps of the cross-platform user right management method are implemented.
According to the cross-platform authority centralized management method, the cross-platform authority centralized management device, the computer equipment and the storage medium, original authority management data of different service platforms are integrated and processed based on user roles through the user authority management system, and target user authority is obtained. And then the user authority management system sends the target user authority to the service platform corresponding to the target platform identification, so that the service platform where the user is located can know the target user authority owned by the user, and the associated platform can acquire the user authority of the user on the associated platform, thereby realizing cross-platform management of the user authority, improving the efficiency of user authority management and reducing the management and maintenance cost.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive labor.
Fig. 1 is a flow chart of a cross-platform user right management method in embodiment 1 of the present invention.
Fig. 2 is a specific diagram of step S20 in fig. 1.
Fig. 3 is another flow chart of a cross-platform user right management method in embodiment 1 of the present invention.
Fig. 4 is a functional block diagram of a cross-platform user right management apparatus in embodiment 2 of the present invention.
Fig. 5 is a schematic diagram of a computer device in embodiment 4 of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
Fig. 1 shows a flow diagram of a cross-platform user rights management method in this embodiment. The cross-platform user authority management method is applied to a user authority management system, the user authority management system is connected with different service platforms and is used for carrying out centralized management on user authorities corresponding to users in different service platforms, so that the users in the service platforms have access authorities for accessing other associated service platforms, cross-platform user authority management is realized, user authority management efficiency is improved, and maintenance cost is reduced. As shown in fig. 1, the cross-platform user right management method includes the following steps:
S10: Acquire original user authority management data sent by at least two service platforms, wherein the original user authority management data comprises an original user ID, a user role and an original user authority, and the original user authority management data is associated with a platform identifier.
The service platform refers to a platform for performing online service processing, and includes, but is not limited to, a service platform of the company, a financial platform, and a third-party outsourcing service platform, and each service platform has a corresponding platform identifier. The platform identifier is an identifier for uniquely identifying a corresponding service platform.
The original user authority management data refers to the user authority management data granted to the platform users in each service platform. User authority management data is data that associates each user with the corresponding user authority. In this embodiment, each piece of original user authority management data is associated with a platform identifier, so that the user authority management system can determine the source of the corresponding original user authority management data based on the platform identifier. The original user authority management data includes an original user ID, a user role, and an original user authority.
The original user ID is an identifier that uniquely identifies a user's identity in a service platform, and may be composed of a platform identifier and a number, so as to distinguish users on different service platforms. For example, if the service platform where a user is located is A, the original user ID is A followed by a number. In this embodiment, the numbers in the user IDs of different service platforms within the same group company are different, and each user's number is unique within the group company, so that the user's authority management data can be conveniently managed through the user ID when the user's position later changes.
A user role is a group of users with the same user authority; the users are organized into a role to facilitate management of users and user authorities. In a service platform, the user authority corresponding to each user role is different. For example, service platform A includes two types of users, service managers and service staff, whose user authorities differ: the user authority of the service manager in service platform A comprises a1+a2+a3, and the user authority of the service staff in service platform A comprises a1+a2. To manage users and user authorities conveniently, service platform A divides service managers and service staff into different user roles: the user role corresponding to the service manager is manager-level user, and the user role corresponding to the service staff is employee-level user.
The original user right refers to a user right that a user can access authorized resources in the service platform according to a security rule or a security policy set by the service platform. The original user authority is determined according to the user role and is used for limiting the user to access and call the resources in the service platform.
Because the original user authority management data of all the service platforms can be stored in the big data platform, the user authority management system can directly acquire the original user authority management data of at least two service platforms from the big data platform. Because the original user authority management data is associated with the platform identification, the original user ID, the user role and the original user authority in the original user authority management data are all associated with the platform identification, and the service platform to which the original user ID, the user role and the original user authority belong is convenient to identify. The user authority management system can acquire original user authority management data of different service platforms, and unified management of the original user authority management data of each service platform is achieved.
S20: Integrate the original user authorities in at least two service platforms based on the user roles, and acquire the target user authority corresponding to each original user ID.
The target user authority refers to the user authority after the user authorities of the users corresponding to the original user ID in different service platforms are summarized.
Based on the user role, the user authority management system acquires the original user authorities corresponding to the original user ID in the different service platforms and integrates the original user authorities corresponding to that original user ID in at least two service platforms. The summary of all original user authorities corresponding to the original user ID in the different service platforms is the target user authority corresponding to the original user ID.
For example, the user with original user ID A01 in service platform A has the original user authority a1+a2+a3 in service platform A. Because the user role of this user is manager-level user, the user has the user authority to view employee-level users of other service platforms below the manager-level user. For example, user A01 has the original user authority b1+b2 in service platform B, and the original user authority owned in service platform C is c1. The user authority management system integrates the original user authorities corresponding to user A01 in service platform A, service platform B and service platform C to obtain the user authority a1+a2+a3+b2+c1 corresponding to A01; that is, the target user authority of user A01 is a1+a2+a3+b2+c1.
And integrating the original user permissions in at least two service platforms to obtain a target user permission corresponding to each original user ID, so that the user permissions of each original user ID in different service platforms can be conveniently obtained.
S30: If the target user authority carries the cross-platform identifier, acquire at least two target platform identifiers corresponding to the cross-platform identifier.
The cross-platform identifier is an identifier formed when identifiers corresponding to all user rights in the target user rights exceed two types. When at least two original user rights in the target user rights exist, each original user right has a corresponding platform identifier, at this time, the target user rights include at least two platform identifiers, the target user rights carry cross-platform identifiers, and the target platform identifier corresponding to the target user rights is obtained based on the cross-platform identifiers. The target platform identifier refers to a platform identifier corresponding to each user authority included in the target user authority.
And judging whether the target user authority carries at least two target platform identifications, if so, generating a cross-platform identification so that the target user authority carries the cross-platform identification, and the user authority management system can acquire the at least two corresponding target platform identifications in the target user authority.
For example, if the target user authority of user A01 is a1+a2+a3+b2+c1, the platform identifier corresponding to a1+a2+a3 is A, the platform identifier corresponding to b2 is B, and the platform identifier corresponding to c1 is C, so the target platform identifiers corresponding to the target user authority are A, B and C. Once the target platform identifiers are obtained, step S40 can send the target user authority to the service platforms corresponding to the target platform identifiers.
S40: Send the target user authority to the service platforms corresponding to the at least two target platform identifiers.
After acquiring the target user authority, the user authority management system sends the target user authority to a service platform corresponding to each target platform identifier based on at least two target platform identifiers in the target user authority. If the original user ID only belongs to a certain service platform, and only the corresponding original user authority is stored in the corresponding target user authority, the target user authority only comprises the platform identification corresponding to the original user ID, and the target user authority does not need to be fed back to the service platform corresponding to the original user ID again.
After the target user authority is sent to the service platforms corresponding to the at least two target platform identifications, the user authority management system sends the associated user authority in the target user authority and the corresponding original user ID to the associated service platform corresponding to the associated user authority identification. The associated user authority refers to other user authorities which do not belong to the original user authority corresponding to the user ID in the target user authority. The associated user authority identifier refers to a platform identifier carried in the associated user authority. The associated service platform refers to a service platform corresponding to the associated user authority identifier.
For example, user A01 has the target user authority a1+a2+a3+b2+c1, where a1+a2+a3 is the original user authority of user A01, and b2 and c1 are the associated user authorities of A01. After sending a1+a2+a3+b2+c1 to service platform A corresponding to user A01, the user authority management system sends b2 and user A01 to the associated service platform B, and sends c1 and user A01 to the associated service platform C.
The user authority management system sends the target user authority to the service platform corresponding to the original user ID, so that the user A01 can keep all user authorities belonging to the user in the original service platform, and the user authority which can be accessed in different service platforms can be conveniently known. The associated user authority and the corresponding original user ID are sent to the associated service platform corresponding to the associated user authority identifier, and other user information of the user A01 is not sent to the associated service platform, so that the user information of the user A01 can be effectively prevented from being leaked in the associated service platform, and meanwhile, the user A01 can be ensured to access resources corresponding to the associated service platform in the associated service platform.
In steps S10-S40, the user right management system integrates the original user rights in at least two service platforms by obtaining the original user right management data sent by at least two service platforms based on the user role, obtains the target user right corresponding to each original user ID, and sends the target user right to the service platform corresponding to the target platform identifier, so that the service platform where the user is located can know the own target user right, and the associated platform can also obtain the user right of the user on the associated platform, thereby implementing cross-platform management of user rights, improving the efficiency of user right management, and reducing the maintenance cost, so as to avoid the problem that the user rights of different service platforms need to be managed respectively, which results in higher management and maintenance costs.
In a specific embodiment, a preset URI is adopted to send the target user authority to the service platform corresponding to at least two target platform identifications.
The URI (Uniform Resource Identifier) is a resource identifier based on the HTTP or HTTPS protocol, and is used to allow a user to interact with any resource (local or on the internet) through a specific protocol. A URI is defined by a scheme that includes a definite syntax and the associated protocol. For example, each resource available on the Web, such as an HTML document, image, video clip or program, is located by a Uniform Resource Identifier (URI).
The HTTP or HTTPS protocol here means the format and communication protocol for transmitting user authority management data that the service platform and the user authority management system have agreed on and that is pre-stored in the server; the resource identifier is a character string that identifies the name of an internet resource. Using this protocol for data transmission between the user authority management system and the service platform avoids the problem that data cannot be exchanged because the platforms are incompatible, which ensures that cross-platform management of user authority can be realized.
Specifically, after acquiring the target user permission, the user permission management system requests a URI pre-stored in the server in real time, and sends the target user permission to the service platform corresponding to the at least two target platform identifiers based on the URI. After the service platform obtains the corresponding target user authority, the service platform compares the target user authority with the original user authority management data stored in the local by the service platform, and the original local user authority management data is modified to be consistent with the target user authority sent by the user authority management system, so that the consistency of the user authority management data in the service platform and the user authority management system is ensured. The step realizes the real-time property of the user authority management data transmission, and avoids the problem that the user authority management data of the user authority management system is updated but the user authority management data of the service platform cannot be updated in time.
In this embodiment, the preset URI is used to send the target user right to the service platform corresponding to the at least two target platform identifiers, so that the original user right management data of different service platforms can be managed in a unified manner, and the user right management data in the user right management system and the user right management data in different service platforms can be updated in real time.
In the cross-platform authority centralized management method, a user authority management system integrates original user authorities in at least two service platforms by acquiring user roles, acquires target user authorities corresponding to each original user ID in the at least two service platforms, and sends the target user authorities to the service platforms corresponding to at least two target platform identifications, so that cross-platform management based on multi-service platform based on stored user authority management data is realized.
In a specific embodiment, as shown in fig. 2, step S20, based on the user role, performs an integration process on the original user permissions in at least two service platforms, and obtains a target user permission corresponding to each original user ID, which specifically includes the following steps:
S21: Determine the associated user level of the user role in the associated service platform based on the user role.
The associated user level refers to the ranking level of the user role in the associated service platform. User levels correspond to user roles, and for different user roles the user levels in different service platforms differ. For example, the user level of a user whose role is manager-level user in service platform A is the first level, and the user level of a user whose role is employee-level user in service platform A is the second level. The first level and the second level are the user levels of different user roles in the service platform. The associated user level corresponds to a user role in the associated platform.
In this embodiment, the corresponding user levels in different service platforms are different. For example, the user level of the manager-level user in service platform A is the first level, while the associated user level in the associated service platform C is the second level, where the associated service platform C is an associated service platform of service platform A.
In a specific embodiment, the step S21, determining, based on the user role, an associated user level of the user role in the associated service platform, specifically includes the following steps: and determining the associated user level of the user role in the associated service platform by adopting a preset user level conversion table based on the user role.
The user level conversion table refers to a level conversion table of the same user role in different service platforms. The user grade conversion table comprises user ID, user roles and user grades of different service platforms. The user grade of the same user role in different service platforms can be determined based on the user grade conversion table, namely, the associated user grade of the user role in the associated service platform is determined through the user grade conversion table, so that the associated user grade of the same user ID in the associated service platform is determined. Based on the user role, determining the associated user level of the user role in the associated service platform, which facilitates step S22 to obtain the associated user authority of the user.
S22: Take the original user authority below the associated user level in the associated service platform as the associated user authority.
The associated user authority refers to the user authority corresponding to the user level below the associated user level determined based on the user role in the associated service platform.
The user authority of the user in the associated service platform only can comprise the original user authority of each associated service platform below the associated user level corresponding to the user in the associated service platform, so that any user can access resources of the same user level in the associated service platform across platforms to meet the security rules and the security policies of each service platform.
For example, the service manager in service platform A is at the first level among the user roles of service platform A, service platform B is an associated service platform of service platform A, and the service manager in service platform B is also at the first level. Because the service manager in service platform A is not a user of service platform B, the associated user authority of that service manager in service platform B is the user authority of service platform B at the second level or below.
S23: Integrate the associated user authority corresponding to each original user ID with the original user authority to serve as the target user authority.
In this embodiment, each original user ID corresponds to a user role, the associated service platform also has a corresponding user role and associated user authority, and the user authority management system integrates the associated user authority and the original user authority corresponding to the same original user ID to serve as a target user authority of the original user ID. The target user authority corresponding to each original user ID represents all user authorities of the users corresponding to the original user IDs in all service platforms, and cross-platform management of the user authorities is achieved, so that each user can access the corresponding associated service platform based on the target user authority.
In a specific embodiment, as shown in Fig. 3, the cross-platform user right management method further includes the following steps:
S51: Acquire a user authority change request, where the user authority change request includes changed user authority management data, and the changed user authority management data includes a changed user ID or a changed role.
The user authority change request is a request sent by a service platform to the user authority management system to change a user authority. When a user ID or user role changes, the corresponding original user authority also changes, and the changed user authority needs to be sent to the user authority management system. Therefore, when a user ID or user role is changed in a service platform, the service platform sends a user authority change request to the user authority management system.
The user authority change request includes changed user authority management data, which is the authority management data that has changed for the user. The changed user authority management data includes a changed user ID and a changed role.
The changed user ID arises when a user is transferred from one service platform to another: the user ID corresponding to the user needs to be changed, and the user ID after the change is called the changed user ID. When a user is transferred from one service platform to another, the user's original user ID becomes the platform ID of the new platform plus the user number. For example, if the user with original user ID A01 is transferred from service platform A to service platform B, the user's ID becomes B01, and B01 is the changed user ID corresponding to the user. User IDs in all service platforms belonging to the same group enterprise are numbered with the same set of numbering rules. The numbering rule is that each user's number is unique and not repeated across all service platforms, so one number corresponds to only one user. Because each user number is unique, when user A01 is transferred from service platform A to service platform B, only the platform identifier needs to change; the user number in the original user ID does not, which is convenient for management.
The changed role is the user role after a user's role has changed. In this embodiment, when a user is promoted or demoted, the corresponding user role may also change, and the user role after the change is called the changed role. For example, if user A02 is promoted from salesperson to service manager in service platform A, the corresponding user role changes from employee-level user to manager-level user, and manager-level user is the user's changed role.
After acquiring the changed user ID and the changed role, the service platform sends them to the user authority management system, so that the user authority management system performs user authority change processing based on the changed user ID and the changed role.
S52: Acquire the changed user authority management data based on the changed role, integrate the changed user authority management data in at least two service platforms, and acquire the changed user authority corresponding to each original user ID.
The changed user authority is the target user authority corresponding to the changed role. The changed user authority management data also includes the changed user authority; in a service platform, the original user authority corresponding to each changed role is the changed user authority. For example, salesperson A02 in service platform A is promoted to service manager in service platform A, that is, the role changes to manager-level user. The original user authority of the manager-level user in service platform A is a1+a2+a3, so a1+a2+a3 is the changed user authority corresponding to salesperson A02 in service platform A becoming service manager A02.
When the original user ID is unchanged and the user role changes, the user authority of the original user ID in the corresponding service platform also changes. After the user role changes, the service platform sends the changed user authority management data corresponding to the changed role to the big data platform for storage, and the big data platform sends it on to the user authority management system. The user authority management system integrates the changed user authority management data based on the changed role, integrating the changed user authorities that belong to the same user ID in each service platform, and acquires the changed user authority corresponding to each original user ID.
For example, salesperson A02 in service platform A is promoted to service manager in service platform A, and the original user authority of the service manager in service platform A is a1+a2+a3. The user level of service manager A02 is the first level, and as can be seen from step S20, user A02 also has the corresponding original user authority b2 in service platform B and the corresponding original user authority c1 in service platform C. Based on the changed role, the user authority management system integrates the user authority management data corresponding to the same user ID in at least one service platform, and the changed user authority corresponding to the changed role is a1+a2+a3+b2+c1. The changed user authority of user A02 is therefore a1+a2+a3+b2+c1.
S53: Acquire the changed user authority management data based on the changed user ID, integrate the changed user authority management data in at least two service platforms, and acquire the changed user authority corresponding to the changed user ID.
When the original user ID changes to a changed user ID and the user role does not change, the original user authority of the user role corresponding to the changed user ID is looked up in the service platform indicated by the platform identifier associated with the changed user ID. For example, the user with original user ID A01 in service platform A is transferred to service platform B, and the corresponding changed user ID is B01. The transfer from service platform A to service platform B is at the same level, that is, the user role is unchanged and is still manager-level user. The original user authority of the manager-level user in service platform B is b1+b2, so for user ID B01 the changed user authority is b1+b2.
After the user authority management system obtains the changed user authority management data sent by the service platform, it looks up the associated user authority in the associated service platforms of that service platform based on the user role corresponding to the changed user ID, and then integrates the user authority in the changed user authority management data with the associated user authority to obtain the changed user authority corresponding to the changed user ID. For example, when the user authority management system obtains the changed user authority management data sent by service platform B, it looks up the associated user authority in associated service platform A based on the user role corresponding to B01, and obtains a2+a3+b1+b2 as the changed user authority corresponding to B01.
S54: Send the changed user authority to the corresponding service platform.
After the user authority management system obtains the changed user authority, it sends the changed user authority to the service platform corresponding to each target platform identifier, based on the at least two platform identifiers in the changed user authority. If the changed user ID belongs to a particular service platform, the target user authority is sent to the service platform corresponding to the changed user ID, based on the platform identifier contained in the changed user ID. After the changed user authority has been sent to the service platform corresponding to the changed user ID, the user authority management system sends the associated user authority in the changed user authority, together with the corresponding original user ID, to the associated service platform corresponding to the associated user authority identifier, so that the associated service platform can update its user authority management data in time. When a change of user role or of original user ID causes the corresponding user authority to change, the authority management system can acquire the changed user authority from the changed user authority management data carried by the user authority change request, which makes it convenient for authority management personnel to maintain and manage the authority management data.
In the cross-platform centralized authority management method, the user authority management system integrates the original authority management data of different service platforms based on user roles and acquires the target user authority. The user authority management system then sends the target user authority, through the preset URI, to the service platform corresponding to each target platform identifier, so that the service platform where the user is located knows the target user authority owned by the user, and the associated platform can acquire the user's authority on the associated platform, thereby achieving cross-platform management of user authority. When a change of user role or of original user ID causes the corresponding user authority to change, the authority management system can acquire the changed user authority from the changed user authority management data carried by the user authority change request, which makes it convenient for authority management personnel to maintain and manage the authority management data.
It should be understood that the sequence numbers of the steps in the foregoing embodiments do not imply an execution order; the execution order of each process should be determined by its function and inherent logic, and the sequence numbers should not constitute any limitation on the implementation of the embodiments of the present invention.
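The merge in steps S21 to S23 and the two change cases in S52 and S53 can be traced on the description's own sample values. The following Python sketch is an added example, not code from the patent: the tier layout, the association map, the permission c0, the "auditor" role and all function names are assumptions, chosen so that the results reproduce a1+a2+a3+b2+c1 for A02 and a2+a3+b1+b2 for B01. It also computes which authorities must be revoked after a change, a step the description does not spell out.

```python
from dataclasses import dataclass

# Constructed sample data. Level 1 is the highest level; each permission is
# listed at the level where it is first granted (assumed layout).
PLATFORM_TIERS = {
    "A": {1: {"a1"}, 2: {"a2"}, 3: {"a3"}},
    "B": {1: {"b1"}, 2: {"b2"}},
    "C": {1: {"c0"}, 2: {"c1"}},  # c0 is constructed; the page only names c1
}
# User level conversion table: role -> level on each service platform.
LEVEL_TABLE = {
    "manager": {"A": 1, "B": 1, "C": 1},
    "employee": {"A": 2, "B": 2, "C": 2},
    "auditor": {"A": 2},  # constructed role with no mapping on B or C
}
# Associated platforms per home platform (assumed; matches the page's results).
ASSOCIATED = {"A": ["B", "C"], "B": ["A"], "C": []}


@dataclass(frozen=True)
class User:
    user_id: str  # platform identifier + user number, e.g. "A02"
    role: str

    @property
    def platform(self):
        # Assumes a one-character platform identifier, as in A01 / B01.
        return self.user_id[0]


def perms_from_level(platform, level):
    """Permissions of `level` and of every level below it (higher number)."""
    tiers = PLATFORM_TIERS[platform]
    return set().union(*(p for lvl, p in tiers.items() if lvl >= level))


def original_authority(user):
    """Authority the role holds on the user's own platform."""
    return perms_from_level(user.platform, LEVEL_TABLE[user.role][user.platform])


def associated_authority(user, platform):
    """S21 + S22: look up the associated level, keep only what lies below it."""
    level = LEVEL_TABLE.get(user.role, {}).get(platform)
    if level is None:
        return set()  # no mapping for this role: fail closed, grant nothing
    return perms_from_level(platform, level + 1)


def target_authority(user):
    """S23: original authority plus the associated authority of each platform."""
    target = original_authority(user)
    for platform in ASSOCIATED[user.platform]:
        target |= associated_authority(user, platform)
    return target


def change_role(user, new_role):
    """S52: same user ID, new role (promotion or demotion)."""
    return User(user.user_id, new_role)


def transfer(user, new_platform):
    """S53: only the platform identifier changes; the user number is kept."""
    return User(new_platform + user.user_id[1:], user.role)


def authority_delta(before, after):
    """Recompute from scratch so stale authorities are revoked, not kept."""
    old, new = target_authority(before), target_authority(after)
    return {"grant": new - old, "revoke": old - new}


def dispatch(user):
    """S54: full target to the home platform, associated slice to the others."""
    out = {user.platform: target_authority(user)}
    for platform in ASSOCIATED[user.platform]:
        out[platform] = associated_authority(user, platform)
    return out


if __name__ == "__main__":
    a02 = change_role(User("A02", "employee"), "manager")
    print(sorted(target_authority(a02)))
    a01 = User("A01", "manager")
    b01 = transfer(a01, "B")
    print(b01.user_id, sorted(target_authority(b01)), authority_delta(a01, b01))
```

With this sample data, the transfer of A01 to B01 grants b1 and revokes a1 and c1, so a system that only ever adds the changed user authority would leave the user with authorities the new ID is no longer entitled to.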
Example 2
Fig. 4 is a schematic block diagram of a cross-platform user right management device that corresponds one-to-one to the cross-platform user right management method of embodiment 1. As shown in Fig. 4, the cross-platform user right management device includes an original user right management data obtaining module 10, a target user right obtaining module 20, a target platform identifier obtaining module 30 and a target user right sending module 40. The functions implemented by the original user right management data obtaining module 10, the target user right obtaining module 20, the target platform identifier obtaining module 30 and the target user right sending module 40 correspond one-to-one to the steps of the cross-platform user right management method in embodiment 1; to avoid repetition, they are not described in detail in this embodiment.
The original user authority management data obtaining module 10 is configured to obtain original user authority management data sent by at least two service platforms, where the original user authority management data includes an original user ID, a user role, and an original user authority, and the original user authority management data is associated with a platform identifier.
The target user permission obtaining module 20 is configured to perform integration processing on the original user permissions in the at least two service platforms based on the user roles, and obtain a target user permission corresponding to each original user ID.
The target platform identifier obtaining module 30 is configured to obtain at least two target platform identifiers corresponding to the cross-platform identifier if the target user permission carries a cross-platform identifier.
The target user permission sending module 40 is configured to send the target user permission to the service platforms corresponding to the at least two target platform identifiers.
Preferably, the target user right obtaining module 20 includes: a user level obtaining unit 21, an associated user right obtaining unit 22, and a target user right obtaining unit 23.
The user level obtaining unit 21 is configured to determine, based on the user role, an associated user level of the user role in the associated service platform.
The associated user authority obtaining unit 22 is configured to use the original user authority below the associated user level in the associated service platform as the associated user authority.
The target user authority obtaining unit 23 is configured to integrate the associated user authority and the original user authority corresponding to each original user ID to serve as the target user authority.
Preferably, the user level obtaining unit 21 is configured to determine, based on the user role, an associated user level of the user role in the associated service platform by using a preset user level conversion table.
Preferably, the target user permission sending module 40 is configured to send the target user permission to the service platform corresponding to the original user ID, and send the associated user permission in the target user permission and the corresponding original user ID to the associated service platform.
Preferably, the target user permission sending module 40 is configured to send the target user permission to the service platforms corresponding to the at least two target platform identifiers by using a preset URI.
Preferably, the cross-platform user right management device further includes a user right change request obtaining module 51, a first changed user right obtaining module 52, a second changed user right obtaining module 53, and a changed user right sending module 54.
The user right change request obtaining module 51 is configured to obtain a user right change request, where the user right change request includes changed user right management data, and the changed user right management data includes a changed user ID or a changed role.
The first changed user authority obtaining module 52 is configured to obtain changed user authority management data based on a changed role, perform integration processing on the changed user authority management data in the at least two service platforms, and obtain the changed user authority corresponding to each original user ID.
The second changed user authority obtaining module 53 is configured to obtain changed user authority management data based on the changed user ID, perform integration processing on the changed user authority management data in the at least two service platforms, and obtain the changed user authority corresponding to the changed user ID.
The changed user authority sending module 54 is configured to send the changed user authority to the corresponding service platform.
Example 3
This embodiment provides a computer-readable storage medium storing a computer program. When the computer program is executed by a processor, the cross-platform user right management method of embodiment 1 is implemented; to avoid repetition, details are not described here again. Alternatively, when executed by the processor, the computer program implements the functions of each module/unit of the cross-platform user right management device of embodiment 2; to avoid repetition, details are not described here again.
It is to be understood that the computer-readable storage medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a read-only memory (ROM), a random access memory (RAM), an electrical carrier signal, a telecommunications signal, and the like.
Example 4
Fig. 5 is a schematic diagram of a computer device provided by an embodiment of the invention. As shown in Fig. 5, the computer device 60 of this embodiment includes: a processor 61, a memory 62 and a computer program 63 stored in the memory 62 and executable on the processor 61. When executing the computer program 63, the processor 61 implements the steps of the cross-platform user right management method in embodiment 1 described above, such as steps S10 to S40 shown in Fig. 1. Alternatively, when the processor 61 executes the computer program 63, the functions of each module/unit of the cross-platform user right management device in embodiment 2 are implemented, for example the functions of the original user right management data obtaining module 10, the target user right obtaining module 20, the target platform identifier obtaining module 30, and the target user right sending module 40 shown in Fig. 4; to avoid repetition, these are not described here again.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.

Claims (10)

1. A cross-platform user right management method, characterized by comprising the following steps:
acquiring original user authority management data sent by at least two service platforms, wherein the original user authority management data comprises an original user ID, a user role and an original user authority, and the original user authority management data is associated with a platform identifier;
based on the user roles, the original user permissions in at least two service platforms are integrated, and a target user permission corresponding to each original user ID is obtained;
if the target user authority carries a cross-platform identifier, acquiring at least two target platform identifiers corresponding to the cross-platform identifier;
sending the target user authority to a service platform corresponding to at least two target platform identifications;
acquiring a user authority change request, wherein the user authority change request comprises changed user authority management data which comprises changed roles;
acquiring modified user authority management data based on the modified roles, integrating the modified user authority management data in at least two service platforms, and acquiring modified user authority corresponding to each original user ID;
and sending the changed user authority to a corresponding service platform.
2. The method for cross-platform user right management according to claim 1, wherein the integrating the original user right in at least two of the service platforms based on the user role to obtain the target user right corresponding to each original user ID comprises:
determining the associated user level of the user role in an associated service platform based on the user role;
taking the original user authority below the associated user level in the associated service platform as the associated user authority;
and integrating the associated user authority corresponding to each original user ID and the original user authority to serve as the target user authority.
3. The cross-platform user rights management method of claim 2, wherein said determining an associated user level of the user role in an associated business platform based on the user role comprises:
and determining the associated user level of the user role in the associated service platform by adopting a preset user level conversion table based on the user role.
4. The cross-platform user right management method according to claim 1, wherein said sending the target user right to a service platform corresponding to at least two target platform identities comprises:
and sending the target user authority to a service platform corresponding to the original user ID, and sending the associated user authority in the target user authority and the corresponding original user ID to the associated service platform.
5. The cross-platform user right management method according to claim 1, wherein said sending the target user right to a service platform corresponding to at least two target platform identities comprises:
and sending the target user authority to a service platform corresponding to at least two target platform identifications by adopting a preset URI.
6. The cross-platform user rights management method of claim 1, further comprising:
acquiring a user authority change request, wherein the user authority change request comprises changed user authority management data which comprises a changed user ID;
acquiring the authority management data of the changed users based on the ID of the changed users, integrating the authority management data of the changed users in at least two service platforms, and acquiring the authority of the changed users corresponding to the ID of the changed users;
and sending the changed user authority to a corresponding service platform.
7. A cross-platform user rights management device, comprising:
the original user authority management data acquisition module is used for acquiring original user authority management data sent by at least two service platforms, wherein the original user authority management data comprises an original user ID, a user role and an original user authority, and the original user authority management data is associated with the platform identification;
the target user authority acquisition module is used for integrating original user authorities in at least two service platforms based on the user roles and acquiring the target user authority corresponding to each original user ID;
a target platform identifier obtaining module, configured to obtain at least two target platform identifiers corresponding to cross-platform identifiers if the target user permission carries the cross-platform identifiers;
the target user authority sending module is used for sending the target user authority to the service platforms corresponding to the at least two target platform identifications;
the user permission change request acquisition module is used for acquiring a user permission change request, wherein the user permission change request comprises changed user permission management data, and the changed user permission management data comprises changed roles;
the first change user authority acquisition module is used for acquiring change user authority management data based on change roles, integrating the change user authority management data in at least two service platforms and acquiring change user authority corresponding to each original user ID;
and the changed user authority sending module is used for sending the changed user authority to the corresponding service platform.
8. The cross-platform user right management device according to claim 7, wherein the target user right obtaining module comprises:
a user level obtaining unit, configured to determine, based on the user role, a user level of the user role in an associated service platform;
the associated user authority acquiring unit is used for taking the original user authority below the user level in the associated service platform as the associated user authority;
and the target user permission acquisition unit is used for integrating the associated user permission corresponding to each original user ID and the original user permission to serve as the target user permission.
9. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor when executing the computer program implements the steps of the cross-platform user rights management method according to any one of claims 1 to 6.
10. A computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, carries out the steps of the cross-platform user rights management method according to any one of claims 1 to 6.
CN201810161846.1A 2018-02-27 2018-02-27 Cross-platform user authority management method and device, computer equipment and storage medium Active CN108416195B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810161846.1A CN108416195B (en) 2018-02-27 2018-02-27 Cross-platform user authority management method and device, computer equipment and storage medium
PCT/CN2018/081507 WO2019165668A1 (en) 2018-02-27 2018-04-02 Cross-platform user rights management method, apparatus, computer device, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810161846.1A CN108416195B (en) 2018-02-27 2018-02-27 Cross-platform user authority management method and device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN108416195A CN108416195A (en) 2018-08-17
CN108416195B true CN108416195B (en) 2020-09-25

Family

ID=63129118

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810161846.1A Active CN108416195B (en) 2018-02-27 2018-02-27 Cross-platform user authority management method and device, computer equipment and storage medium

Country Status (2)

Country Link
CN (1) CN108416195B (en)
WO (1) WO2019165668A1 (en)

Also Published As

Publication number Publication date
CN108416195A (en) 2018-08-17
WO2019165668A1 (en) 2019-09-06


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant