CN108959909B - License control method, device, computer device and computer-readable storage medium - Google Patents

License control method, device, computer device and computer-readable storage medium Download PDF

Info

Publication number
CN108959909B
CN108959909B CN201810647660.7A CN201810647660A CN108959909B CN 108959909 B CN108959909 B CN 108959909B CN 201810647660 A CN201810647660 A CN 201810647660A CN 108959909 B CN108959909 B CN 108959909B
Authority
CN
China
Prior art keywords
user
module
module group
permission
mapping relation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810647660.7A
Other languages
Chinese (zh)
Other versions
CN108959909A (en
Inventor
胡慧君
魏春宝
陈林峰
王水泉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kingdee Software China Co Ltd
Original Assignee
Kingdee Software China Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Kingdee Software China Co Ltd filed Critical Kingdee Software China Co Ltd
Priority to CN201810647660.7A priority Critical patent/CN108959909B/en
Publication of CN108959909A publication Critical patent/CN108959909A/en
Application granted granted Critical
Publication of CN108959909B publication Critical patent/CN108959909B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to a license control method, a license control device, a computer device and a computer readable storage medium. The method comprises the following steps: the method comprises the steps of obtaining a role authorization request of a user, distributing authority items for the user according to the role authorization request, obtaining a mapping relation between a preset authority item and a module group, and distributing module group permission for the user according to the mapping relation between the authority item and the module group. By adopting the method, the permission can be accurately and flexibly calculated.

Description

License control method, device, computer device and computer-readable storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for admission control, a computer device, and a computer-readable storage medium.
Background
Licensing refers to the proof that after a customer purchases a module or group of modules of software, the software producer issues to the purchasing customer a module that is usable. The general licensing mode comprises three-dimensional licensing of modules, module groups and products, and is divided into three categories of module licensing, group licensing and full product licensing.
In the conventional technology, the permission number occupied by a user according to a module, a module group or a product classification is generally roughly calculated according to the number of employee roles or posts, and the situation of too much or too little permission often occurs. The permission detection generally adopts pre-use check, if role posts are involved, when permission of cross modules or cross module groups is needed, for example, a financial manager needs to check purchase orders or production plan orders, no permission is often prompted when the use is performed, and thus user services cannot be normally developed. Therefore, in the conventional art, the calculation of the license is limited and not flexible enough.
Disclosure of Invention
In view of the above, it is necessary to provide a method, an apparatus, a computer device and a computer readable storage medium capable of accurately and flexibly calculating admission control.
A method of admission control, the method comprising:
acquiring a role authorization request of a user, and distributing authority items to the user according to the role authorization request;
acquiring a mapping relation between a preset authority item and a module group;
and distributing module grouping permission for the user according to the mapping relation between the authority item and the module grouping.
In one embodiment, the allocating permission of module grouping to the user according to the mapping relationship between the authority item and the module grouping includes:
when an authority item needs to be added to a user, obtaining the permission of a module group needing to be distributed to the user according to the mapping relation between the authority item and the module group;
judging whether the total number of the licenses of the module groups of the user exceeds a preset value after the licenses of the module groups are added to the user, if so, setting the occupied state of the module groups distributed to the user as unoccupied, otherwise, setting the occupied state of the module groups distributed to the user as occupied.
In one embodiment, the allocating permission of module grouping to the user according to the mapping relationship between the authority item and the module grouping includes:
and when the authority item needs to be deleted for the user, deleting the permission of the module group with the mapping relation with the authority item according to the mapping relation between the authority item and the module group.
In one embodiment, the method further includes:
acquiring a request of a user for opening a module group;
acquiring an authority item distributed for a user and a module group having a mapping relation with the authority item;
and checking whether a user is allocated with a module group having a mapping relation with the authority item according to the request for opening the module group, and if so, allowing the user to open the module group.
In one embodiment, the method further includes:
acquiring a permission grouping display interface of a user, wherein the permission grouping display interface is used for displaying the permission of module grouping distributed for the user;
and acquiring a modification instruction of the occupation state of the module group, and modifying the occupation state of the module group into occupation or non-occupation according to the modification instruction.
In one embodiment, the method further includes:
acquiring a viewing instruction of an administrator user, and acquiring a mapping relation between an authority item and a module group according to the viewing instruction;
and displaying the mapping relation in a mapping relation viewing interface, wherein the mapping relation viewing interface displays the mapping relation among the authority items, the page names and the module groups.
In one embodiment, the method further includes:
displaying a user permission grouping distribution interface, wherein the user permission grouping distribution interface displays a user identifier, a corresponding module group and a user state;
and acquiring a modification instruction of the user state, and modifying the user state into starting, disabling or deleting according to the modification instruction.
An admission control device comprising:
the request acquisition module is used for acquiring a role authorization request of a user and distributing authority items to the user according to the role authorization request;
the mapping relation acquisition module is used for acquiring the mapping relation between the preset authority item and the module group;
and the permission distribution module is used for distributing the permission of the module grouping for the user according to the mapping relation between the authority item and the module grouping.
A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the admission control method when executing the computer program.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the admission control method.
According to the permission control method, the permission control device, the computer equipment and the computer readable storage medium, the role authorization request of the user is obtained, and the permission item is distributed to the user according to the role authorization request. And acquiring a mapping relation between a preset authority item and the module group, and distributing module group permission for the user according to the mapping relation between the authority item and the module group. Due to the mapping relationship between the authority items and the module groups, accurate and flexible calculation of the permissions is achieved.
Drawings
FIG. 1 is a diagram of an application environment of a license control method in one embodiment;
FIG. 2 is a flow diagram illustrating a method for admission control in one embodiment;
FIG. 3 is a diagram illustrating a flow of mapping relationships between privilege items and module groups according to an embodiment;
FIG. 4 is a block diagram that illustrates a flow of requests for grouping modules in one embodiment;
FIG. 5 is a flow diagram that illustrates a permission packet presentation interface in one embodiment;
FIG. 6 is a diagram of a permission packet presentation interface in one embodiment;
FIG. 7 is a block diagram that illustrates a module grouping status interface in one embodiment;
FIG. 8 is a flow diagram illustrating a mapping process according to one embodiment;
FIG. 9 is a diagram of a mapping viewing interface in one embodiment;
FIG. 10 is a diagram of a user permission group assignment interface in one embodiment;
FIG. 11 is a timing diagram illustrating the grouping of rights items and modules in one embodiment;
FIG. 12 is a block diagram of the structure of a control licensing apparatus in one embodiment;
FIG. 13 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The admission control method provided by the application can be applied to the application environment shown in fig. 1. Wherein the terminal 102 communicates with the server 104 via a network. The terminal 102 is configured to receive a user authorization request command, and then send a role authorization request of the user to the server 104, where the server 104 allocates an authority item to the user according to the role authorization request. The server 104 obtains the mapping relationship between the preset authority items and the module groups, and allocates the permission of the module groups to the user according to the mapping relationship between the authority items and the module groups.
In one embodiment, as shown in fig. 2, a method for controlling admission is provided, which is exemplified by the application of the method to the server 104 in fig. 1, and includes the following steps:
step 202, obtaining a role authorization request of a user, and allocating an authority item to the user according to the role authorization request.
Role authorization refers to assigning roles to a user and assigning different roles to the user according to different identities of the user. The authority item refers to the use authority for managing operations such as user page viewing, adding, deleting and the like, and after role authorization, corresponding authority items are distributed to the users according to the roles of the users.
And step 204, acquiring a mapping relation between the preset authority item and the module group.
A module group refers to a collection of modules in series, e.g., general ledger, cashier, etc., modules are referred to as a financial accounting module group. Specifically, a mapping relation between the authority items and the module groups is preset, and the mapping relation defines specific authority of the user on the module groups. It is understood that one privilege item may have a mapping relationship with multiple module groupings.
And step 206, distributing the permission of the module group for the user according to the mapping relation between the authority item and the module group.
Licensing refers to the proof that after a customer purchases a module or group of modules, the software manufacturer issues to the purchasing customer a module that is usable. The permission of the module group refers to a module group that a customer can use. According to the mapping relation between the authority items and the module groups, when the authority items change, the corresponding module groups also change, as long as one authority item belonging to a certain module group exists, the permission of the module group is distributed to a user, and if one authority item of the certain module group does not exist, the permission of the module group is deleted.
In the permission control method, the permission item is distributed to the user according to the role authorization request by acquiring the role authorization request of the user. And acquiring a mapping relation between a preset authority item and the module group, and distributing module group permission for the user according to the mapping relation between the authority item and the module group. Accurate and flexible calculation of permissions is achieved.
As shown in fig. 3, in one embodiment the admission control method further comprises:
step 302, when the authority item is needed to be added to the user, the permission of the module group to be allocated to the user is obtained according to the mapping relation between the authority item and the module group.
Because the mapping relation exists between the authority item and the module group, when the authority item needs to be added to the user, the permission of the module group needing to be distributed to the user can be obtained according to the mapping relation between the authority item and the module group.
And step 304, judging whether the total number of the licenses of the module groups of the user after the license of the module group added by the user exceeds a preset value, if so, setting the occupied state of the module group distributed to the user as unoccupied, otherwise, setting the occupied state of the module group distributed to the user as occupied.
The total number of licenses refers to the sum of the number of licenses purchased by the customer. For example, if a customer purchases a total of 10 licenses for a module group, the customer may be assigned only 10 licenses. If the user already has the right item, the user is only pre-assigned. Specifically, the system circularly judges whether the user has allocated the corresponding module group according to the set mapping relation between the authority items and the module group and the authority items allocated by the user, if the user does not have the module group, a new module group is added to the user, after the module group is added to the user, the system judges whether the total number of the permissions of the module group of the user exceeds the allowable number of the allocable module group, and if the total number of the permissions of the allocable module group of the user exceeds the allowable number of the allocable module group, the system prompts the allocable number exceeding the allowable number of the 'xxx' and 'xxx' module group. And setting the occupation state of the module group distributed to the user as unoccupied according to the system prompt. If the allowable number of the assignable module group is not exceeded, a new module group is assigned to the user, and the occupied state of the module group of the user is occupied.
In one embodiment the admission control method further comprises: and when the authority item needs to be deleted for the user, deleting the permission of the module group with the mapping relation with the authority item according to the mapping relation between the authority item and the module group.
Because the mapping relation exists between the authority item and the module group, when the authority item needs to be deleted for the user, the permission of the module group with the mapping relation with the authority item can be deleted according to the mapping relation between the authority item and the module group.
As shown in fig. 4, in one embodiment the admission control method further comprises:
step 402, a request for opening a module group by a user is obtained.
And step 404, acquiring the authority items distributed to the user and the module groups having the mapping relation with the authority items.
When the user needs to open the corresponding module group, the terminal 102 acquires a request message for opening the module group, and after acquiring the request message, the terminal 102 sends a request for opening the module group to the server 104. The server 104 allocates different authority items and module groups with mapping relation with the authority items to the users according to the users or user roles, and the information of the module groups is stored in the encrypted License file.
Step 406, checking whether the user is allocated with a module group having a mapping relation with the authority item according to the request for opening the module group, and if so, allowing the user to open the module group.
Each page viewing authority item of the system is associated with one UIID, the UIID refers to a unique identifier of one page, the association relationship between the UIID and the module group is maintained, and when the relationship between the authority item and the module group is initialized, the module group corresponding to the authority item can be judged by means of the UIID associated with the authority item. If the user is assigned a module group having a mapping relation with the authority item, the server 104 allows the corresponding module group to be opened according to the request of the user.
In one embodiment, an admission control method is shown in fig. 5, further comprising:
step 502, obtaining a permission grouping display interface of the user, wherein the permission grouping display interface is used for displaying the permission of the module grouping distributed for the user.
The license grouping display interface is used for displaying the licenses of the module groups distributed for the users, as shown in fig. 6, the licenses of the whole system are displayed in a summary mode according to the module, module group and product statistics, wherein the subsystem code 602 corresponds to the module grouping code, the subsystem name 604 corresponds to the module group, and the product statistics 606 include the number of authorized licenses, the number of registered licenses and the number of remaining licenses, and are used for displaying the occupation situation of the licenses, and monitoring the use situation, the use time and the user state of the licenses in real time. The usage and usage time of the license is monitored and if the user has not used the license for more than a certain time, which is customizable, the packet is automatically released. And monitoring the user state, wherein the user state refers to the state that the user is in enabling, disabling and deleting. According to the state change of the user, the system can adjust the occupied state and the unoccupied state of the packet.
Step 504, a modification instruction of the occupation state of the module group is obtained, and the occupation state of the module group is modified to be occupied or unoccupied according to the modification instruction.
As shown in fig. 7, the state 702 of the module group is divided into occupied and unoccupied states, where occupied means a newly added module group, and the state is occupied if the remaining allowable number is greater than or equal to 1, and unoccupied means that the state is unoccupied if the remaining allowable number is 0 in the newly added module group. According to the mapping relation between the permission item and the module group, the terminal 102 obtains an occupation state modification instruction of the module group, the remaining permission number in the newly added module group is larger than or equal to 1, the administrator modifies the state of the module group to be occupied, and if the remaining permission number in the newly added module group is 0, the administrator modifies the state of the module group to be unoccupied.
As shown in fig. 8, in one embodiment the admission control method further comprises:
and step 802, acquiring a viewing instruction of an administrator user, and acquiring a mapping relation between the authority item and the module group according to the viewing instruction.
The viewing rights of each page of the system are associated with a UIID. The UIID refers to the unique identification of the page, and if the authority item is not associated with the UIID, product designers need to maintain the UIID during research and development. The association of UIIDs with module groupings is maintained, which requires manual maintenance. When the relation between the authority item and the module group is initialized, a checking instruction of an administrator user is obtained, and the module group corresponding to the authority item can be checked by means of the UIID associated with the authority item.
And step 804, displaying the mapping relation in a mapping relation viewing interface, wherein the mapping relation viewing interface displays the mapping relation among the authority items, the page names and the module groups.
The mapping relationship between the permission item and the module group is shown in a mapping relationship viewing interface, as shown in fig. 9, which is used for showing the mapping relationship between the permission item and the module group, and the mapping relationship viewing interface displays the mapping relationship between the permission item 902, the UI class name 904 and the module group 906. UI class name 904 refers to the unique UIID of the page, each privilege item 902 will have a unique UI class name 904 associated with it, and UI class name 904 is associated with module group 906. By means of the UI class name 904 associated with the privilege item 902, the module group 906 corresponding to the privilege item can be determined.
In one embodiment the admission control method further comprises: displaying a user permission grouping distribution interface, wherein the user permission grouping distribution interface displays a user identifier, a corresponding module group and a user state; and acquiring a modification instruction of the user state, and modifying the user state into starting, disabling or deleting according to the modification instruction.
The user permission packet assignment interface displays the user id, the corresponding module packet and the user status, as shown in fig. 10, each user id 1010 corresponds to one module packet 1020, and the user status 1030 can be known according to the module packet 1020 corresponding to the user id 1010. User state 1030 refers to a user being in an enabled, disabled, or deleted state. For example, user identification 1010 is 041301 and its corresponding module grouping 1020 is professional application-financial accounting, and the user's current status may be known to be enabled. According to the state change of the user, the administrator obtains the modification instruction of the user state 1030 and modifies the state of the user. The user state 1030 may be modified to enable, disable, or delete. When the user state is disabled or deleted, the user permission is automatically released.
According to the permission control method, the modification instruction of the user state is acquired by acquiring the modification instruction of the occupied state of the module group and modifying the occupied state of the module group into occupied or unoccupied according to the modification instruction, and the user state is modified into enabled, disabled or deleted according to the modification instruction. By manually adjusting the user permissions, the number of permissions can be saved, and cost is saved for enterprises.
In one embodiment, an admission control method is provided, which is implemented by the following specific steps:
first, the terminal 102 is configured to receive a user authorization request command, and then send a role authorization request of the user to the server 104, where the server 104 assigns different roles to the user according to different identities of the user. The server 104 then assigns the corresponding rights item to the user according to the role authorization request.
Then, the server 104 obtains a mapping relationship between the preset authority items and the module groups, and the system presets the mapping relationship between the authority items and the module groups, wherein the mapping relationship defines the specific authority of the user for the module groups. It is understood that one privilege item may have a mapping relationship with multiple module groupings. When the user needs to add the right item, the server 104 directly obtains the permission of the module group and distributes the permission to the user.
Next, when the user needs to open the corresponding module group, the terminal 102 acquires a request message for opening the module group, and after acquiring the request message, the terminal 102 sends a request for opening the module group to the server 104. The server 104 allocates different authority items and module groups with mapping relation with the authority items to the users according to the users or user roles, and the information of the module groups is stored in the encrypted License file. Each page viewing authority item of the system is associated with one UIID, the UIID refers to a unique identifier of one page, the association relationship between the UIID and the module group is maintained, and when the relationship between the authority item and the module group is initialized, the module group corresponding to the authority item can be judged by means of the UIID associated with the authority item. If the user is assigned a module group having a mapping relation with the authority item, the server 104 allows the corresponding module group to be opened according to the request of the user.
Next, server 104 assigns the user with permission for the grouping of modules based on the mapping of the privilege items to the grouping of modules. Because the mapping relation exists between the authority item and the module group, the system circularly judges whether the user distributes the corresponding module group according to the set mapping relation between the authority item and the module group, if the user does not have the module group, a new module group is added to the user, after the module group is added to the user, the system judges whether the total number of the module group permission of the user exceeds the number of the module group permission which can be distributed, if the number of the module group permission exceeds the number of the module group permission which can be distributed, the system prompts the distributable number which exceeds the number of the module group permission which can be distributed. The system sets the occupancy state of the module group assigned to the user to "unoccupied" according to the prompt. If the allowable number of the assignable module group is not exceeded, a new module group is assigned to the user, the occupied state of the module group of the user is occupied, and the user synchronization state is not synchronized. The system synchronizes the data of the user to an enterprise cloud platform, makes a License permission file again at the cloud end and transmits the License permission file back to the ERP, and analyzes the information in the License file to the ERP, wherein the ERP is an enterprise resource planning system, the system automatically updates the user grouping information and modifies the user synchronization state into 'synchronized', and at the moment, the authority of the user is successfully modified, and the operation of other corresponding functions can be carried out. When the authority item needs to be deleted for the user, the module group with the mapping relation with the authority item can be deleted according to the mapping relation between the authority item and the module group. As shown in fig. 11, it is determined whether to delete an existing module group, and if not, the module group allocated to the user is unchanged, and the authorization conclusion is unchanged; if so, the synchronous state of the user is 'unsynchronized', whether the authority is deleted by misoperation or not is judged, if so, the original authority is recovered, and the flow step of adding a new module group to the user is executed. If the user data is not directly synchronized to the enterprise cloud platform by the misoperation system, the License permission file is re-made at the cloud end and is transmitted back to the ERP, the information in the License file is analyzed to the ERP, the ERP is an enterprise resource planning system, the system automatically updates the user grouping information and modifies the user synchronization state into 'synchronized', and at the moment, the authority of the user is successfully modified, and the operation of other corresponding functions can be carried out.
Meanwhile, the administrator acquires a permission group presentation interface of the user, and the permission presentation interface is used for presenting the permission of the module group distributed for the user. The license of the whole system is summarized and displayed according to the modules, the module grouping and the product statistics, the occupation condition of the license is mainly displayed, and the use condition, the use time and the user state of the license are monitored in real time. The usage and usage time of the license is monitored and if the user has not used the license for more than a certain time, which is customizable, the packet is automatically released. And monitoring the user state, wherein the user state refers to the state that the user is in enabling, disabling and deleting. According to the state change of the user, the system can adjust the occupied state and the unoccupied state of the packet. According to the mapping relation between the permission item and the module group, the terminal 102 obtains an occupation state modification instruction of the module group, the remaining permission number in the newly added module group is larger than or equal to 1, the administrator modifies the state of the module group to be occupied, and if the remaining permission number in the newly added module group is 0, the administrator modifies the state of the module group to be unoccupied.
And then, acquiring a viewing instruction of an administrator user, and viewing the module group corresponding to the authority item by means of the UIID associated with the authority item. And displaying the mapping relation in a mapping relation viewing interface, wherein the mapping relation viewing interface displays the mapping relation among the authority items, the page names and the module groups. And displaying a user permission grouping distribution interface, wherein the user permission grouping distribution interface displays the user identification, the corresponding module grouping and the user state. And according to the state change of the user, acquiring a modification instruction of the user state and modifying the state of the user. The user state may be modified to enable, disable, or delete. When the user is disabled or deleted, the user permission is automatically released.
It should be understood that although the various steps in the flowcharts of fig. 2-5, 8 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least some of the steps in fig. 2-5, 8 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performing the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternately with other steps or at least some of the sub-steps or stages of other steps.
In one embodiment, as shown in fig. 12, there is provided an admission control device including: a request obtaining module 1210, a mapping relation obtaining module 1220 and a permission allocating module 1230, wherein:
the request obtaining module 1210 is configured to obtain a role authorization request of a user, and assign an authority item to the user according to the role authorization request.
The mapping relationship obtaining module 1220 is configured to obtain a mapping relationship between a preset authority item and a module group.
And a license assignment module 1230, configured to assign a license of the module group to the user according to the mapping relationship between the authority item and the module group.
In one embodiment, the request obtaining module 1210 may further be configured to obtain a request for opening a module group by a user. When the user needs to open the corresponding module group, a request message for opening the module group needs to be sent to the terminal 102, and after the terminal 102 receives the request message, a request for opening the module group is sent to the server 104.
In one embodiment, the mapping relationship obtaining module 1220 may further be configured to obtain the authority items allocated to the user and the module groups having mapping relationships with the authority items; and checking whether the user is allocated with a module group having a mapping relation with the authority item according to the request for opening the module group, and if so, allowing the user to open the module group.
In one embodiment, the license assignment module 1230 may be further configured to, when a rights item needs to be added to the user, obtain a license of the module group to be assigned to the user according to a mapping relationship between the rights item and the module group; judging whether the total number of the licenses of the module groups of the user exceeds a preset value after the licenses of the module groups are added to the user, if so, setting the occupied state of the module groups distributed to the user as unoccupied, otherwise, setting the occupied state of the module groups distributed to the user as occupied. And when the authority item needs to be deleted for the user, deleting the permission of the module group with the mapping relation with the authority item according to the mapping relation between the authority item and the module group.
For specific limitations of the admission control device, reference may be made to the above limitations of the admission control method, which are not described in detail here. The various modules in the admission control device described above may be implemented in whole or in part by software, hardware, and combinations thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as shown in fig. 13. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing cached third-party system data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a data processing method.
Those skilled in the art will appreciate that the architecture shown in fig. 13 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory having a computer program stored therein, the processor implementing the following steps when executing the computer program:
acquiring a role authorization request of a user, and distributing authority items to the user according to the role authorization request;
acquiring a mapping relation between a preset authority item and a module group;
and distributing the permission of the module group for the user according to the mapping relation between the authority item and the module group.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
when the authority item is required to be added to the user, the permission of the module group required to be distributed to the user is obtained according to the mapping relation between the authority item and the module group;
judging whether the total number of the licenses of the module groups of the user exceeds a preset value after the licenses of the module groups are added to the user, if so, setting the occupied state of the module groups distributed to the user as unoccupied, otherwise, setting the occupied state of the module groups distributed to the user as occupied.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
and when the authority item needs to be deleted for the user, deleting the permission of the module group with the mapping relation with the authority item according to the mapping relation between the authority item and the module group.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
acquiring a request of a user for opening a module group;
acquiring an authority item distributed for a user and a module group having a mapping relation with the authority item;
and checking whether the user is allocated with a module group having a mapping relation with the authority item according to the request for opening the module group, and if so, allowing the user to open the module group.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
acquiring a permission grouping display interface of a user, wherein the permission grouping display interface is used for displaying the permission of module grouping distributed for the user;
and acquiring a modification instruction of the occupation state of the module group, and modifying the occupation state of the module group into occupation or non-occupation according to the modification instruction.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
acquiring a viewing instruction of an administrator user, and acquiring a mapping relation between the authority item and the module group according to the viewing instruction;
and displaying the mapping relation in a mapping relation viewing interface, wherein the mapping relation viewing interface displays the mapping relation among the authority items, the page names and the module groups.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
displaying a user permission grouping distribution interface, wherein the user permission grouping distribution interface displays a user identifier, a corresponding module group and a user state;
and acquiring a modification instruction of the user state, and modifying the user state into starting, disabling or deleting according to the modification instruction.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, databases, or other media used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. An admission control method, characterized by comprising the steps of:
acquiring a role authorization request of a user, and distributing authority items to the user according to the role authorization request;
acquiring a mapping relation between a preset authority item and a module group, wherein the module group is a set of modules, and the modules are software modules;
distributing module grouping permission to the user according to the mapping relation between the authority items and the module grouping; the permission of the module group is a certificate of the module group which can be used by a user;
the allocating module grouping permission to the user according to the mapping relation between the authority item and the module grouping comprises the following steps:
when an authority item needs to be added to a user, obtaining the permission of a module group needing to be distributed to the user according to the mapping relation between the authority item and the module group;
judging whether the total number of the licenses of the module groups of the user exceeds a preset value after the licenses of the module groups are added to the user, if so, setting the occupied state of the module groups distributed to the user as unoccupied, otherwise, setting the occupied state of the module groups distributed to the user as occupied.
2. The method of claim 1, wherein one of the privilege items has a mapping relationship with one or more of the module groupings.
3. The method according to claim 1, wherein said allocating permission of module grouping to said user according to said mapping relationship between said authority item and module grouping comprises:
and when the authority item needs to be deleted for the user, deleting the permission of the module group with the mapping relation with the authority item according to the mapping relation between the authority item and the module group.
4. The method of claim 1, further comprising:
acquiring a request of a user for opening a module group;
acquiring an authority item distributed for a user and a module group having a mapping relation with the authority item;
and checking whether a user is allocated with a module group having a mapping relation with the authority item according to the request for opening the module group, and if so, allowing the user to open the module group.
5. The method of claim 1, further comprising:
acquiring a permission grouping display interface of a user, wherein the permission grouping display interface is used for displaying the permission of module grouping distributed for the user;
and acquiring a modification instruction of the occupation state of the module group, and modifying the occupation state of the module group into occupation or non-occupation according to the modification instruction.
6. The method of claim 1, further comprising:
acquiring a viewing instruction of an administrator user, and acquiring a mapping relation between an authority item and a module group according to the viewing instruction;
and displaying the mapping relation in a mapping relation viewing interface, wherein the mapping relation viewing interface displays the mapping relation among the authority items, the page names and the module groups.
7. The method of claim 1, further comprising:
displaying a user permission grouping distribution interface, wherein the user permission grouping distribution interface displays a user identifier, a corresponding module group and a user state;
and acquiring a modification instruction of the user state, and modifying the user state into starting, disabling or deleting according to the modification instruction.
8. An admission control device, characterized in that it comprises:
the request acquisition module is used for acquiring a role authorization request of a user and distributing authority items to the user according to the role authorization request;
the system comprises a mapping relation acquisition module, a module management module and a module management module, wherein the mapping relation acquisition module is used for acquiring a mapping relation between a preset authority item and a module group, the module group is a set of modules, and the modules are software modules;
the permission distribution module is used for distributing the permission of the module grouping for the user according to the mapping relation between the permission item and the module grouping; the permission of the module group is a certificate of the module group which can be used by a user;
the permission allocation module is further configured to, when a permission item needs to be added to the user, obtain permission of a module group to be allocated to the user according to a mapping relationship between the permission item and the module group, determine whether the total number of the permissions of the module group of the user after permission of the user to add the module group to the user exceeds a preset value, set an occupied state of the module group allocated to the user as unoccupied if the total number of the permissions of the module group of the user exceeds the preset value, and otherwise, set the occupied state of the module group allocated to the user as occupied.
9. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the method of any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
CN201810647660.7A 2018-06-22 2018-06-22 License control method, device, computer device and computer-readable storage medium Active CN108959909B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810647660.7A CN108959909B (en) 2018-06-22 2018-06-22 License control method, device, computer device and computer-readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810647660.7A CN108959909B (en) 2018-06-22 2018-06-22 License control method, device, computer device and computer-readable storage medium

Publications (2)

Publication Number Publication Date
CN108959909A CN108959909A (en) 2018-12-07
CN108959909B true CN108959909B (en) 2020-10-23

Family

ID=64491200

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810647660.7A Active CN108959909B (en) 2018-06-22 2018-06-22 License control method, device, computer device and computer-readable storage medium

Country Status (1)

Country Link
CN (1) CN108959909B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111861357B (en) * 2019-06-17 2024-04-26 北京嘀嘀无限科技发展有限公司 Authority information processing method and system, computer equipment and storage medium
CN112115034B (en) * 2020-08-20 2022-07-15 胜宏科技(惠州)股份有限公司 System and method for automatically cleaning and distributing InCAM License
CN112562164A (en) * 2020-12-17 2021-03-26 深圳市亚联讯网络科技有限公司 Object management method and object management system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101369303A (en) * 2008-10-13 2009-02-18 金蝶软件(中国)有限公司 Method and system for controlling concurrency user number
CN101699478A (en) * 2009-10-28 2010-04-28 金蝶软件(中国)有限公司 Right management method and device and management system
CN101710377A (en) * 2009-10-28 2010-05-19 金蝶软件(中国)有限公司 Method for realizing software license service, device and network equipment thereof
WO2017131892A1 (en) * 2016-01-29 2017-08-03 Google Inc. Device access revocation

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2073138A1 (en) * 2007-02-06 2009-06-24 Research In Motion Limited System and method for setting application permissions
US8887271B2 (en) * 2009-06-15 2014-11-11 Sap Se Method and system for managing object level security using an object definition hierarchy
CN107958140B (en) * 2017-12-22 2020-08-18 金蝶蝶金云计算有限公司 Method and device for generating encrypted license file, computer equipment and storage medium

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101369303A (en) * 2008-10-13 2009-02-18 金蝶软件(中国)有限公司 Method and system for controlling concurrency user number
CN101699478A (en) * 2009-10-28 2010-04-28 金蝶软件(中国)有限公司 Right management method and device and management system
CN101710377A (en) * 2009-10-28 2010-05-19 金蝶软件(中国)有限公司 Method for realizing software license service, device and network equipment thereof
WO2017131892A1 (en) * 2016-01-29 2017-08-03 Google Inc. Device access revocation

Also Published As

Publication number Publication date
CN108959909A (en) 2018-12-07

Similar Documents

Publication Publication Date Title
EP3396575B1 (en) Entitlement management system
CN108959909B (en) License control method, device, computer device and computer-readable storage medium
GB2587966A (en) Network security
US5023907A (en) Network license server
CN109614238B (en) Target object identification method, device and system and readable storage medium
US20080162707A1 (en) Time Based Permissioning
CN108156175B (en) Method for accessing shared storage information under cloud computing platform
CN110532025B (en) Data processing method, device and equipment based on micro-service architecture and storage medium
CN102047275A (en) Hierarchical administration of resources
MX2012009022A (en) Generic feature licensing framework.
CA3099427A1 (en) Method and system for defining roles in an identity and access management system
CN111460404A (en) Double-recording data processing method and device, computer equipment and storage medium
US20220255947A1 (en) Gradual Credential Disablement
EP3196827A1 (en) Distribution of licenses for a third-party service operating in association with a licensed first-party service
CN106997440A (en) A kind of role access control method
CN113114674A (en) Service access method, device, equipment and storage medium
EP2637120B1 (en) Enterprise license registrar anchor point
CN114422197A (en) Permission access control method and system based on policy management
CN112104671B (en) Interface authorization monitoring method and device, computer equipment and storage medium
CN111290776A (en) Management device and method for managing block chain nodes
CN112597452A (en) Application program interface calling method and device, storage medium and electronic equipment
JP6957223B2 (en) Information processing system, control method and its program
CN106991297B (en) The management method and system and creation method and system of software license
US8429193B2 (en) Security control of analysis results
CN108270865B (en) Job scheduling method of high-performance cloud computing platform

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant