CN109241727B - Permission setting method and device - Google Patents
- Publication number
- CN109241727B (CN201810928320.1A)
- Authority
- CN
- China
- Prior art keywords
- service
- authority
- qualification
- readable
- setting
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Business, Economics & Management (AREA)
- Entrepreneurship & Innovation (AREA)
- Computer Security & Cryptography (AREA)
- Strategic Management (AREA)
- Human Resources & Organizations (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Economics (AREA)
- Marketing (AREA)
- Operations Research (AREA)
- Quality & Reliability (AREA)
- Tourism & Hospitality (AREA)
- General Business, Economics & Management (AREA)
- Storage Device Security (AREA)
Abstract
An embodiment of the application discloses a permission setting method and device. The method is applied to a service comprising at least two levels, the service of each level having a management authority and a readable authority, and comprises the following steps: for the service of each level, acquiring the authority the user has for the service; when the authority the user has for the service is the management authority, determining that the user has a first authority configuration qualification and a second authority configuration qualification for the service. The first authority configuration qualification is the qualification to set the white list of the readable authority of the service; the second authority configuration qualification is the qualification to set the white list of the readable authority and/or the white list of the management authority of the next-level service of the service. The embodiment makes permission setting flexible and improves its efficiency.
Description
Technical Field
The invention relates to the technical field of computer applications, and in particular to a permission setting method and device.
Background
In enterprise management, rights management is the most important means of ensuring information security. A typical enterprise management system has a small number of system administrators, who set the permissions for the different modules, pages, reports, and even ranks of data of the enterprise system. The management authority or the access authority is basically set by hand by a system administrator; having a small number of system administrators set the management authority, however, results in a large workload and a slow response.
Disclosure of Invention
The embodiments of the application provide a permission setting method and device applied to a service comprising at least two levels. The management authority and the readable authority of the service at each level are separated, and the readable authority of the service at each level is set autonomously, which makes permission setting flexible and improves its efficiency.
In a first aspect, an embodiment of the present application provides a permission setting method. The method is applied to a service comprising at least two levels, the service of each level having a management authority and a readable authority, and comprises:
for the service of each level, acquiring the authority the user has for the service;
when the authority the user has for the service is the management authority, determining that the user has a first authority configuration qualification and a second authority configuration qualification for the service;
the first authority configuration qualification is the qualification to set the white list of the readable authority of the service; the second authority configuration qualification is the qualification to set the white list of the readable authority and/or the white list of the management authority of the next-level service of the service.
Optionally, when the authority the user has for the service is the management authority, the method further includes:
determining that the user has a service creation qualification for the service, the service creation qualification being the qualification to create a next-level service of the service.
Optionally, when the authority the user has for the service is the management authority, the method further includes:
determining whether the function of setting readable authority across layers is turned on;
when the function of setting readable authority across layers is not turned on, determining that the second authority configuration qualification is the qualification to set the white list of the management authority of the next-level service of the service;
when the function of setting readable authority across layers is turned on, determining that the second authority configuration qualification is the qualification to set both the white list of the readable authority and the white list of the management authority of the next-level service of the service.
Optionally, the white list of the readable authority and/or the white list of the management authority is determined according to the business hierarchy or the management organization hierarchy.
Optionally, when the service is the service at the topmost level, the white list of the management authority of the service is determined by a system administrator.
In a second aspect, an embodiment of the present application provides a permission setting device. The device is applied to a service comprising at least two levels, the service of each level having a management authority and a readable authority, and comprises:
an acquisition unit, configured to acquire, for the service of each level, the authority the user has for the service;
a determining unit, configured to determine that the user has a first authority configuration qualification and a second authority configuration qualification for the service when the authority the user has for the service is the management authority;
the first authority configuration qualification is the qualification to set the white list of the readable authority of the service; the second authority configuration qualification is the qualification to set the white list of the readable authority and/or the white list of the management authority of the next-level service of the service.
Optionally, when the authority the user has for the service is the management authority, the determining unit is further configured to determine that the user has a service creation qualification for the service, the service creation qualification being the qualification to create a next-level service of the service.
Optionally, when the authority the user has for the service is the management authority, the determining unit is further configured to determine whether the function of setting readable authority across layers is turned on; when the function of setting readable authority across layers is turned on, to determine that the second authority configuration qualification is the qualification to set the white list of the management authority of the next-level service of the service; and when the function of setting readable authority across layers is not turned on, to determine that the second authority configuration qualification is the qualification to set the white list of the readable authority and the white list of the management authority of the next-level service of the service.
In a third aspect, an embodiment of the present application provides a permission setting device comprising a processor and a memory;
the processor is configured to invoke program code in the memory to perform the method of the first aspect.
In a fourth aspect, the present application provides a computer-readable storage medium storing a computer program, the computer program comprising program instructions that, when executed by a communication device, cause the communication device to perform the method according to the first aspect.
The embodiments of the application separate the management authority and the readable authority of the service at each level. A user with the management authority of the service at a given level can autonomously set the readable authority of that service, and the readable authority and/or the management authority of its next-level service, which makes permission setting flexible and improves its efficiency.
Drawings
To illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings described below show only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a permission setting method provided in an embodiment of the present application;
Fig. 2 is a schematic diagram of a permission setting interface provided in an embodiment of the present application;
Fig. 3 is a schematic flowchart of another permission setting method provided in an embodiment of the present application;
Fig. 4 is a schematic diagram of a permission setting method provided in an embodiment of the present application;
Fig. 5 is a schematic diagram of a service system provided in an embodiment of the present application;
Fig. 6 is a schematic diagram of a permission setting apparatus according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of a permission setting device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
Authority management is an important means of ensuring information security. It means that, under the security rules or security policies set by a system, a user can access the resources authorized for the user's own account, and only those resources. Generally speaking, an enterprise appoints a small number of system administrators, through whom the rights of each person are configured. This way of setting permissions, however, causes a large workload and a slow response.
To solve this problem, an embodiment of the present application provides a permission setting method that may be applied to a service comprising at least two levels, where the service of each level has a management authority and a readable authority. In the embodiment, for the service of each level, when the authority the user has for the service is the management authority, the user is determined to have a first authority configuration qualification and a second authority configuration qualification for the service. A user who has the management authority of the service at a given level can therefore set the readable authority of that service independently, and can also set the readable authority and the management authority of its next-level service independently, which makes permission setting flexible and improves its efficiency.
The service comprising at least two levels can be the service of any system that needs permissions to be set, such as a data management system or an enterprise office system. The first authority configuration qualification is the qualification to set the white list of the readable authority of the service. The second authority configuration qualification is the qualification to set the white list of the readable authority and/or the white list of the management authority of the next-level service of the service.
The white list of the readable authority includes one or more user identifiers, and the white list of the management authority includes one or more user identifiers. A user identifier may also be called a user account, and may be at least one of: a mobile phone number, an identification number, a mailbox, an account number allocated by a designated server, and the like. In an optional implementation, the white list of the readable authority and/or the white list of the management authority may be determined according to the business hierarchy or the management organization hierarchy.
The readable authority means that only read access is granted to a given business object. For example, some important business objects may be set to this state so that the data under the readable authority cannot be modified.
The management authority means having other, greater authorities over a given business object, such as the authority to add, delete and modify data, or other specific authorities for configuring enterprise employees. The management authority may or may not include the read qualification that corresponds to the readable authority.
In the embodiments of the present application, the permission setting method may be executed by a communication device, which may be a terminal or a server. The terminal includes, but is not limited to, a desktop computer, a notebook computer, a tablet computer, and other intelligent terminals such as portable devices. The server may be a server or a cluster of servers in the internet.
To describe the technical solution of the embodiments of the present invention more clearly, the following explanation takes a terminal as an example.
Fig. 1 is a schematic flowchart of a permission setting method according to an embodiment of the present application. The method can be applied to a service comprising at least two levels, where the service of each level has a management authority and a readable authority. Specifically, the method can include the following steps:
101. For the service of each level, the terminal acquires the authority the user has for the service.
The user has the management authority and/or the readable authority for the service of each level. The services of the levels include, but are not limited to, a first service, a second service, a third service, and the like.
In an optional implementation, the terminal acquiring, for the service of each level, the authority the user has for the service may include: for the service of each level, the terminal acquires the user identifier of the user and queries the authority the user has for the service according to that user identifier.
Specifically, the terminal holds a white list of the management authority and a white list of the readable authority for the service of each level. Acquiring the user identifier and querying the authority the user has for the service may include: for the service of each level, the terminal checks whether the white list of the management authority includes the user identifier of the user and whether the white list of the readable authority includes the user identifier of the user; if the white list of the management authority includes the user identifier, the terminal determines that the user has the management authority for the service, and otherwise that the user does not; if the white list of the readable authority includes the user identifier, the terminal determines that the user has the readable authority for the service, and otherwise that the user does not.
102. When the authority the user has for the service is the management authority, the terminal determines that the user has a first authority configuration qualification and a second authority configuration qualification for the service.
In step 102, a user who has the management authority of the service can set not only the readable authority of the service, but also the readable authority and the management authority of the next-level service of the service.
In an optional embodiment, after the terminal determines that the user has the first authority configuration qualification and the second authority configuration qualification for the service, the readable authority of the service can be set as follows: the terminal receives the user's setting operation on the white list of the readable authority of the service, and sets that white list according to the setting operation. The setting operation may delete a user identifier from, modify a user identifier in, or add a user identifier to the white list of the readable authority.
For example, taking Fig. 2, the process of setting the readable authority for a second service is briefly described, where the second service is a lower-level service of a first service.
The user clicks the second service on the permission setting interface displayed by the terminal. In response, the terminal outputs operation options, which include at least one of a readable authority setting option, a management authority setting option and a next-level service generation option. The user clicks the readable authority setting option. In response, the terminal outputs a readable authority setting interface for the second service, which is used to enter the white list that has the readable authority for the second service. The user enters user identifier 1 and user identifier 2 through the readable authority setting control and clicks the confirmation control. The terminal determines the white list that has the readable authority for the second service based on this operation.
In an optional embodiment, after the terminal determines that the user has the first authority configuration qualification and the second authority configuration qualification for the service, the readable authority and/or the management authority of the next-level service of the service can be set as follows. For example, the terminal receives the user's setting operation on the white list of the readable authority of the next-level service of the service, so as to set the white list of the readable authority of the next-level service; and/or the terminal receives the user's setting operation on the white list of the readable authority of the next-level service of the service, so as to set the white list of the management authority of the next-level service. The setting operation on the white list of the readable authority of the next-level service deletes, modifies or adds a user identifier in the white list of the readable authority of the next-level service. The setting operation on the white list of the readable authority of the next-level service deletes, modifies or adds a user identifier in the white list of the management authority of the next-level service.
Thus, in the embodiment of the application, the terminal acquires, for the service of each level, the authority the user has for the service, and when that authority is the management authority, determines that the user has a first authority configuration qualification and a second authority configuration qualification for the service. By distributing the permission setting mechanism to the users who hold the management authority of the service at the corresponding level, the embodiment increases the efficiency and flexibility of permission setting, while separating the management authority from the readable authority of the service ensures the reliability of the service.
Fig. 3 is a flowchart of another permission setting method according to an embodiment of the present application. The method can be applied to a service comprising at least two levels, where the service of each level has a management authority and a readable authority. Specifically, the method can include the following steps:
201. For the service of each level, the terminal acquires the authority the user has for the service;
202. When the authority the user has for the service is the management authority, the terminal determines that the user has a first authority configuration qualification and a second authority configuration qualification for the service.
For step 201 and step 202, refer to step 101 and step 102; they are not described again here.
203. When the authority the user has for the service is the management authority, the terminal determines that the user has a service creation qualification for the service, the service creation qualification being the qualification to create a next-level service of the service.
In the embodiment of the application, after determining that the user has the service creation qualification for the service, the terminal may create a next-level service of the service.
Specifically, creating the next-level service of the service may include: the terminal determines a service creation request message for a next-level service of the service, the message containing the service information of the service to be created; and the terminal creates the next-level service of the service according to that service information.
Based on the permission setting interface shown in Fig. 2, the terminal determining the service creation request message of the service may include the following steps. The user single-clicks the service on the permission setting interface displayed by the terminal. In response, the terminal outputs operation options, which include at least one of a readable authority setting option, a management authority setting option and a next-level service generation option. The user clicks the next-level service generation option. In response, the terminal outputs a next-level service generation control for the service, which is used to enter the service information for creating the next-level service of the service. The user enters the service information of the next-level service through the control and clicks the confirmation control. The terminal generates the service creation request message for the next-level service of the service based on this operation.
In step 203, the terminal may also determine the service creation request message for the next-level service of the service in other ways, which this embodiment of the present application does not limit.
In this embodiment of the present application, after the terminal creates the next-level service of the service, step 201 and step 202 may be performed again if the user wants to set permissions on that next-level service.
In order to facilitate a cross-layer management process for different authorities, in the embodiment of the application, the terminal may set a function of setting authorities in a cross-layer manner, such as a function of setting readable authorities in a cross-layer manner and/or a function of setting readable authorities in a cross-layer manner. By switching the function of setting authorities across layers on or off, the user controls whether the white list of the readable authority and/or the white list of the management authority of the next-level service of the service can be set across layers.
The following describes a specific permission setting process of an embodiment of the present application, using the function of setting readable authority across layers provided by the terminal.
After step 201 is executed, when the authority the user has for the service is the management authority, the terminal determines whether the function of setting readable authority across layers is turned on. When the function is not turned on, the terminal determines that the second authority configuration qualification is the qualification to set the white list of the management authority of the next-level service of the service. When the function is turned on, the terminal determines that the second authority configuration qualification is the qualification to set both the white list of the readable authority and the white list of the management authority of the next-level service of the service. That is, the terminal may turn the function of setting readable authority across layers on or off: when the function is off, the readable authority of the next-level service can be set only by a user who has the management authority of that next-level service; when the function is on, it can be set by a user who has the management authority of the service or by a user who has the management authority of the next-level service.
Ways of determining whether the function of setting readable authority across layers is turned on include, but are not limited to, determining whether a sliding operation by the user on the switch control for the cross-layer readable authority has been received, or determining whether an instruction to turn on the cross-layer readable authority has been received. That is, the embodiments of the present application do not limit the specific operations used to implement the related functions; the above embodiments may be implemented by operations such as sliding and clicking, or by voice commands, gesture commands, and the like. Thus, in the embodiment of the application, the terminal acquires, for the service of each level, the authority the user has for the service, and when that authority is the management authority, determines that the user has the service creation qualification for the service. By distributing the permission setting mechanism to the users who hold the management authority of the service at the corresponding level, the embodiment increases the efficiency and flexibility of permission setting, while separating the management authority from the readable authority of the service ensures the reliability of the service.
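The delegation rules of steps 201 to 203 and the cross-layer switch can be written as one authorization check. The following Python code is an added example, not code from the patent; the names `Service`, `qualifications`, `set_whitelist` and `create_child`, the `sysadmin` account and the sample users are assumptions, as is the choice that management authority does not by itself grant read access (the description allows either).

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

SYSTEM_ADMINS = {"sysadmin"}  # constructed account; sets top-level admin white lists


class NotQualified(Exception):
    """The actor lacks the configuration qualification needed for the change."""


@dataclass(eq=False)
class Service:
    name: str
    parent: Optional["Service"] = field(default=None, repr=False)
    admins: Set[str] = field(default_factory=set)   # white list of management authority
    readers: Set[str] = field(default_factory=set)  # white list of readable authority
    children: Dict[str, "Service"] = field(default_factory=dict)


def qualifications(user: str, svc: Service, cross_layer_read: bool) -> Set[str]:
    """Steps 201-203: derive qualifications from the admin white list of `svc`."""
    if user not in svc.admins:
        return set()
    quals = {"set_readers:self",   # first authority configuration qualification
             "set_admins:child",   # second qualification, always present
             "create_child"}       # service creation qualification
    if cross_layer_read:           # switch on: child read white list as well
        quals.add("set_readers:child")
    return quals


def may_set(actor: str, target: Service, kind: str, cross_layer_read: bool) -> bool:
    parent = target.parent
    if kind == "readers":
        if "set_readers:self" in qualifications(actor, target, cross_layer_read):
            return True
        return parent is not None and "set_readers:child" in qualifications(
            actor, parent, cross_layer_read)
    if kind == "admins":
        if parent is None:         # topmost level: decided by a system administrator
            return actor in SYSTEM_ADMINS
        # Only the parent's admins qualify, so an admin cannot extend the
        # admin white list of the level the admin already manages.
        return "set_admins:child" in qualifications(actor, parent, cross_layer_read)
    raise ValueError(f"unknown white list: {kind}")


def set_whitelist(actor: str, target: Service, kind: str, members: Set[str],
                  cross_layer_read: bool = False) -> None:
    if not may_set(actor, target, kind, cross_layer_read):
        raise NotQualified(f"{actor} may not set {kind} of {target.name}")
    setattr(target, kind, set(members))


def create_child(actor: str, parent: Service, name: str) -> Service:
    if "create_child" not in qualifications(actor, parent, False):
        raise NotQualified(f"{actor} may not create a service under {parent.name}")
    if name in parent.children:
        raise ValueError(f"{name} already exists under {parent.name}")
    child = Service(name, parent=parent)
    parent.children[name] = child
    return child


def can_read(user: str, svc: Service) -> bool:
    return user in svc.readers     # assumption: admins are not readers by default


def allowed(fn, *args, **kwargs) -> bool:
    try:
        fn(*args, **kwargs)
    except NotQualified:
        return False
    return True


def demo() -> Dict[str, bool]:
    """Constructed scenario: root service, one child, users alice/bob/carol/dave/eve."""
    root = Service("security big data")
    out = {"sysadmin sets root admins":
           allowed(set_whitelist, "sysadmin", root, "admins", {"alice"})}
    account = create_child("alice", root, "account")
    out["alice sets account admins"] = allowed(
        set_whitelist, "alice", account, "admins", {"bob"})
    out["alice sets account readers, switch off"] = allowed(
        set_whitelist, "alice", account, "readers", {"carol"})
    out["alice sets account readers, switch on"] = allowed(
        set_whitelist, "alice", account, "readers", {"carol"}, cross_layer_read=True)
    out["bob sets account readers"] = allowed(
        set_whitelist, "bob", account, "readers", {"carol", "dave"})
    out["bob sets account admins"] = allowed(
        set_whitelist, "bob", account, "admins", {"bob", "eve"})
    out["bob can read account"] = can_read("bob", account)
    return out


if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step}: {result}")
```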
Please refer to fig. 4, which is a diagram illustrating a method for setting permissions according to an embodiment of the present application. The permission setting method described in the embodiment of the present application is described below by taking a big data platform system used inside an enterprise as an example. The types of services in a large data platform system are many, for example, they contain a lot of raw data and computing tasks. One of the service types is called security big data, and the security big data includes many service subclasses, such as account number, device, relationship chain, login, consumption, etc.; the service subclass also has more detailed classification, for example, the account can be subdivided into a QQ account, a WeChat account, a mailbox account, a mobile phone account, and the like. Therefore, applying the authority setting method to the secure big data, as shown in fig. 4, the secure big data can be used as a root business layer, and the management authority of the root business layer can be set by a system administrator; after the terminal or the server can execute step 201 and step 202 of the embodiment shown in fig. 3, a white list of the readable rights of the security big data is set; after the terminal or the server may perform step 203 in the embodiment shown in fig. 3, the next level service of the security big data is created: account number, device, relationship chain; setting a white list of management authority and/or a white list of readable authority of the next-level service of the security big data; correspondingly, the terminal or the server can also create the next-level service of the account, such as a QQ account, a WeChat account and a mobile phone account; and setting a white list of the management authority and/or the readable authority of the next-level service of the account.
Therefore, by the permission setting method in the embodiment of the application, the permission management system of the pyramid type services of each level as shown in fig. 4 can be created, so that a self-service permission management mode is realized, and the efficiency and flexibility of permission setting are improved.
The permission setting method provided by the embodiment of the application is explained below by taking a reporting system used in an enterprise as an example. Suppose a department exists within the enterprise, and the department includes group A, group B, group C, and group D. If a certain report of group A needs to be made readable to a member of group B, step 201 and step 202 shown in fig. 3 need to be adopted: a user with the management authority of the department sets, through a terminal or a server, a white list of the readable authority of the report of group A, and that white list includes the user identifier of the member of group B.
For example, when the terminal needs to make report 1 of group A readable to the queen of group B, it first determines through steps 201 and 202 shown in fig. 3 that Xiao has the first right configuration qualification and the second right configuration qualification. When the user Xiao, who has the management authority of group A, selects the readable right setting option among the operation options output by the terminal, the terminal receives the right setting request message and sets the white list of the readable authority of report 1 according to the mailbox number of Xiao carried in the right setting request message and the already set white list of the readable authority of report 1. The management authority and the readable authority are thus set separately, and the user having the management authority of the service at the corresponding level can set the readable authority, which greatly improves the flexibility of authority setting.
Fig. 5 is a schematic diagram of a service system according to an embodiment of the present invention. The service system shown in fig. 5 is created by using the permission setting method provided in the embodiment of the present application. A terminal to which the permission setting method is applied can execute the following steps for a service:
301. creating a next-level service;
302. configuring the management authority of the next-level service;
303. configuring the readable authority of the next-level service;
304. configuring the readable authority of the service of the current level.
For example, assume that a system administrator creates service A and sets a white list of the management authority of service A, and assume that the white list includes user A, i.e., the authority that user A has for service A is management authority. Thus, user A has a first right configuration qualification, a second right configuration qualification, and a service creation qualification for service A.
Specifically, based on the first right configuration qualification, user A may set a white list of the readable authority of service A by having the terminal execute step 304; based on the service creation qualification, the terminal executes step 301 to create the next-level service of service A, i.e. service B; and based on the second right configuration qualification, the terminal executes step 303 and/or step 302 to set a white list of readable authority and/or a white list of management authority of service B.
It is assumed that the white list of management authority for service B created by user A includes user B, that is, the authority user B has for service B is management authority. Thus, user B has a first right configuration qualification, a second right configuration qualification and a service creation qualification for service B.
Specifically, the user B may set a white list of readable rights of the service B by the terminal executing step 304 based on the first right configuration qualification; and based on the service creation qualification, the terminal executes step 301 to create a next-level service of service B, i.e. service C; setting a white list of readable rights and/or a white list of administrative rights for the service C by the terminal performing step 303 and/or step 302 based on the second rights configuration qualification.
It is assumed that the white list of administrative rights for service C created by user B includes user C, that is, the rights that user C has for service C are administrative rights. Thus, user C has a first rights configuration qualification, a second rights configuration qualification, and a service creation qualification for service C.
Specifically, the user C may set a white list of readable rights of the service C by the terminal executing step 304 based on the first right configuration qualification; and based on the service creation qualification, the terminal executes step 301 to create a next-level service of service C, i.e. service D; setting a white list of readable rights and/or a white list of administrative rights of the service D by the terminal performing step 303 and/or step 302 based on the second rights configuration qualification.
It is assumed that the white list of administrative rights for service D created by user C includes user D, that is, the rights that user D has for service D are administrative rights. Thus, the user D has a first right configuration qualification, a second right configuration qualification and a service creation qualification for the service D.
Specifically, the user D may set a white list of readable rights of the service D by the terminal executing step 304 based on the first right configuration qualification; and based on the service creation qualification, the terminal executes step 301 to create a next-level service (not shown in fig. 5) of the service D; and setting a white list of the readable rights of the next-level service of the service D and/or a white list of the management rights by the terminal according to the second rights configuration qualification by executing the step 303 and/or the step 302.
The process of configuring the readable authority of the next-level service in the foregoing steps may be performed through the permission setting interface shown in fig. 2, and the details are not repeated here.
It can be seen that, as shown in fig. 5, a user having management authority of the same hierarchical service can set a white list of readable authority of the hierarchical service, create a next hierarchical service of the hierarchical service, and set a white list having readable authority and/or management authority for the next hierarchical service. Therefore, a pyramid-shaped authority hierarchical autonomous management mode is formed, and the flexibility and the response efficiency of authority setting are greatly improved.
Please refer to fig. 6, which is a schematic structural diagram of a permission setting apparatus according to an embodiment of the present application. The authority setting device can be arranged in a service comprising at least two levels, and each level of the service is provided with a management authority and a readable authority. Specifically, the authority setting device may include the following units:
an obtaining unit 10, configured to obtain, for each layer of service, a right that a user has for the service;
a determining unit 20, configured to determine that the user has a first right configuration qualification and a second right configuration qualification for the service when the right that the user has for the service is an administrative right.
The first authority configuration qualification is the qualification to set the white list of the readable authority of the service; the second authority configuration qualification is the qualification to set the readable authority white list and/or the management authority white list of the next-level service of the service.
In an optional embodiment, when the authority that the user has for the service is an administrative authority, the determining unit 20 is further configured to determine that the user has a service creation qualification for the service, where the service creation qualification is a qualification for creating a next-level service for the service.
In an optional embodiment, when the authority that the user has for the service is management authority, the determining unit 20 is further configured to determine whether the function of setting readable authority across layers is turned on; when the function of setting readable authority across layers is turned on, to determine that the second authority configuration qualification is the qualification to set the management authority white list of the next-level service of the service; and when the function of setting readable authority across layers is not turned on, to determine that the second authority configuration qualification is the qualification to set the readable authority white list and the management authority white list of the next-level service of the service.
In the embodiment of the application, for the service of each level, the authority that a user has for the service is obtained; when the authority of the user for the service is management authority, it is determined that the user has a first authority configuration qualification and a second authority configuration qualification for the service, namely the user can set a white list of the readable authority of the service, and can set a white list of the readable authority and/or a white list of the management authority of the next-level service of the service. The management authority and the readable authority of each level of service are therefore separated, and the user with the management authority of a service autonomously sets the readable authority of that service and the readable authority and/or the management authority of the next-level service, which makes authority setting flexible and improves its efficiency.
Fig. 7 is a schematic structural diagram of a permission setting device according to an embodiment of the present application. The permission setting device may be a communication device, such as a terminal or a server. For convenience of description, only the parts related to the embodiments of the present invention are shown; for specific technical details that are not disclosed, refer to the related content above.
As shown in fig. 7, the permission setting device includes: at least one processor 100, such as a CPU, at least one input device 300, at least one output device 400, a memory 500, and at least one communication bus 200. The communication bus 200 is used to enable connection and communication between these components.
The input device 300 may be a key, a touch screen, or the like, and is used by a user to perform operations related to permission setting, for example the operation of setting a white list of readable authority for a next-level service. The output device 400 may be a display screen, such as a liquid crystal display, and is used to display interfaces related to permission setting, such as a permission setting interface. In one embodiment, the input device 102 and the output device 103 may be integrated into one device, such as a touch screen display, that implements the functions of both the input device 102 and the output device 103.
for the service of each level, acquiring the authority that a user has for the service;
when the authority of the user for the service is management authority, determining that the user has a first authority configuration qualification and a second authority configuration qualification for the service;
the first authority configuration qualification is the qualification to set the white list of the readable authority of the service; the second authority configuration qualification is the qualification to set the readable authority white list and/or the management authority white list of the next-level service of the service.
Optionally, the processor 100 is further configured to perform the following steps:
when the authority of the user for the service is management authority, determining that the user has service creation qualification for the service, wherein the service creation qualification is qualification for creating a next-level service for the service.
Optionally, the processor 100 is further configured to perform the following steps:
when the authority of the user for the service is management authority, determining whether the function of setting readable authority across layers is turned on;
when the function of setting readable authority across layers is not turned on, determining that the second authority configuration qualification is the qualification to set the white list of the management authority of the next-level service of the service;
when the function of setting readable authority across layers is turned on, determining that the second authority configuration qualification is the qualification to set the white list of the readable authority and the white list of the management authority of the next-level service of the service.
Optionally, the white list of readable rights and/or the white list of management rights are determined according to a business hierarchy or a management organization architecture hierarchy.
Optionally, when the service is a service at the topmost hierarchy level, the white list of the management authority of the service is determined by a system administrator.
As can be seen, for the service of each level, the authority that a user has for the service is obtained; when the authority of the user for the service is management authority, it is determined that the user has a first authority configuration qualification and a second authority configuration qualification for the service, namely the user can set a white list of the readable authority of the service, and can set a white list of the readable authority and/or a white list of the management authority of the next-level service of the service. The management authority and the readable authority of each level of service are therefore separated, and the user with the management authority of a service autonomously sets the readable authority of that service and the readable authority and/or the management authority of the next-level service, which makes authority setting flexible and improves its efficiency.
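The following Python model of the qualification check and of the fig. 5 delegation chain is an added example, not code from the patent. The class, method, user and qualification names are assumptions; the cross-layer switch follows the processor steps and claim 2 (off: management white list only; on: both white lists); and any operation the text does not grant, such as editing the management white list of one's own level or reaching past the next level, is denied by default as an assumption.

```python
from dataclasses import dataclass, field
from typing import Optional

SYSTEM_ADMIN = "sysadmin"  # assumed identity of the system administrator


@dataclass
class Service:
    name: str
    parent: Optional["Service"] = None
    managers: set = field(default_factory=set)  # management-authority white list
    readers: set = field(default_factory=set)   # readable-authority white list


class PermissionSystem:
    def __init__(self, cross_layer_read: bool = True):
        self.cross_layer_read = cross_layer_read  # cross-layer readable switch

    def qualifications(self, user: str, service: Service) -> frozenset:
        """Qualifications `user` holds for `service` (labels are assumed names)."""
        if user not in service.managers:
            return frozenset()  # readable authority alone grants nothing here
        quals = {"first", "create", "second:manage"}
        if self.cross_layer_read:
            quals.add("second:read")
        return frozenset(quals)

    def _require(self, user: str, service: Service, qual: str) -> None:
        if qual not in self.qualifications(user, service):
            raise PermissionError(f"{user} lacks '{qual}' on {service.name}")

    def create_root(self, actor: str, name: str, managers: set) -> Service:
        # The topmost management white list is set by the system administrator.
        if actor != SYSTEM_ADMIN:
            raise PermissionError("only the system administrator creates a root")
        return Service(name, None, set(managers))

    def create_child(self, actor: str, parent: Service, name: str) -> Service:
        self._require(actor, parent, "create")              # step 301
        return Service(name, parent)

    def set_manage_whitelist(self, actor: str, service: Service, users: set):
        if service.parent is None:
            if actor != SYSTEM_ADMIN:
                raise PermissionError("root managers are set by the administrator")
        else:
            self._require(actor, service.parent, "second:manage")  # step 302
        service.managers = set(users)

    def set_read_whitelist(self, actor: str, service: Service, users: set):
        own = "first" in self.qualifications(actor, service)       # step 304
        cross = (service.parent is not None and "second:read"
                 in self.qualifications(actor, service.parent))    # step 303
        if not (own or cross):
            raise PermissionError(f"{actor} may not set readers of {service.name}")
        service.readers = set(users)


def build_chain(system: PermissionSystem):
    """Rebuild the A -> B -> C -> D chain of fig. 5 purely by delegation."""
    a = system.create_root(SYSTEM_ADMIN, "A", {"user_a"})
    b = system.create_child("user_a", a, "B")
    system.set_manage_whitelist("user_a", b, {"user_b"})
    c = system.create_child("user_b", b, "C")
    system.set_manage_whitelist("user_b", c, {"user_c"})
    d = system.create_child("user_c", c, "D")
    system.set_manage_whitelist("user_c", d, {"user_d"})
    return a, b, c, d


def attempt(action, *args) -> bool:
    """Run a setter and report whether the authority check allowed it."""
    try:
        action(*args)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    for switch in (True, False):
        system = PermissionSystem(cross_layer_read=switch)
        a, b, c, d = build_chain(system)
        print(switch, attempt(system.set_read_whitelist, "user_a", b, {"reader"}))
```

With the switch off, only service B's own manager can change B's readable white list, which is the narrower of the two delegation modes when reviewing who can expose a service's data.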
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
While the invention has been described with reference to a number of embodiments, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (8)
1. An authority setting method, applied to services comprising at least two levels, wherein each level of service is provided with a management authority and a readable authority, the method comprising the following steps:
for the service of each level, acquiring the authority that a user has for the service;
when the authority of the user for the service is management authority, determining that the user has a first authority configuration qualification and a second authority configuration qualification for the service, and determining that the user has a service creation qualification for the service, wherein the service creation qualification is the qualification to create a next-level service for the service; the first authority configuration qualification is the qualification to set the white list of the readable authority of the service; the second authority configuration qualification is the qualification to set a white list of readable authority and/or a white list of management authority of the next-level service of the service; the next-level service for the service is allowed to be created according to the service information received from the terminal.
2. The method of claim 1, wherein when the authority that the user has for the service is management authority, the method further comprises:
determining whether the function of setting readable authority across layers is turned on;
when the function of setting readable authority across layers is not turned on, determining that the second authority configuration qualification is the qualification to set the white list of the management authority of the next-level service of the service;
when the function of setting readable authority across layers is turned on, determining that the second authority configuration qualification is the qualification to set the white list of the readable authority and the white list of the management authority of the next-level service of the service.
3. Method according to claim 1 or 2, characterized in that said whitelist of readable rights and/or said whitelist of management rights is determined according to a business hierarchy or a management organizational hierarchy.
4. The method of claim 1 or 2, wherein the white list of the management authority of the service is determined by a system administrator when the service is the topmost layer service.
5. An authority setting apparatus applied to a service including at least two levels, each level of the service being provided with a management authority and a readable authority, the apparatus comprising:
an acquisition unit, configured to acquire, for the service of each level, the authority that a user has for the service;
a determining unit, configured to determine that the user has a first authority configuration qualification and a second authority configuration qualification for the service when the authority that the user has for the service is management authority, and to determine that the user has a service creation qualification for the service, where the service creation qualification is the qualification to create a next-level service for the service;
the first authority configuration qualification is the qualification to set the white list of the readable authority of the service; the second authority configuration qualification is the qualification to set a white list of readable authority and/or a white list of management authority of the next-level service of the service; the next-level service for the service is allowed to be created according to the service information received from the terminal.
6. The apparatus according to claim 5, wherein when the authority the user has for the service is management authority, the determining unit is further configured to determine whether the function of setting readable authority across layers is turned on; when the function of setting readable authority across layers is not turned on, to determine that the second authority configuration qualification is the qualification to set the management authority white list of the next-level service of the service; and when the function of setting readable authority across layers is turned on, to determine that the second authority configuration qualification is the qualification to set the readable authority white list and the management authority white list of the next-level service of the service.
7. An authority setting device comprising a processor and a memory;
the processor is configured to invoke program code in the memory to perform the method of any of claims 1-4.
8. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program comprising program instructions which, when executed by a communication device, cause the communication device to carry out the method according to any one of claims 1-4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810928320.1A CN109241727B (en) | 2018-08-15 | 2018-08-15 | Permission setting method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109241727A CN109241727A (en) | 2019-01-18 |
CN109241727B CN109241727B (en) | 2022-02-11 |
Family
ID=65070410
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810928320.1A Active CN109241727B (en) | 2018-08-15 | 2018-08-15 | Permission setting method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109241727B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||