CN109460644A - A kind of determination method and apparatus of user right - Google Patents

A kind of determination method and apparatus of user right Download PDF

Info

Publication number
CN109460644A
CN109460644A CN201811230352.0A CN201811230352A CN109460644A CN 109460644 A CN109460644 A CN 109460644A CN 201811230352 A CN201811230352 A CN 201811230352A CN 109460644 A CN109460644 A CN 109460644A
Authority
CN
China
Prior art keywords
user
target
target user
permission
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201811230352.0A
Other languages
Chinese (zh)
Inventor
乐志能
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd filed Critical Ping An Technology Shenzhen Co Ltd
Priority to CN201811230352.0A priority Critical patent/CN109460644A/en
Publication of CN109460644A publication Critical patent/CN109460644A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • G06Q10/103Workflow collaboration or project management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The embodiment of the invention provides a kind of determination method and apparatus of user right, this method comprises: the historical operating data of acquisition target user;User's portrait of target user is made according to historical operating data, user's portrait includes at least one of: the essential information of user, data access amount tendency chart, data access temperature figure, data access increment tendency chart, user right change record table;It is drawn a portrait according to user and determines the permission of target user.Therefore, technical solution provided in an embodiment of the present invention is able to solve the problem of manually assigning permission low efficiency to user in the prior art.

Description

A kind of determination method and apparatus of user right
[technical field]
The present invention relates to technical field of data processing more particularly to a kind of determination method and apparatus of user right.
[background technique]
In the work of rights management at present, mostly it is that administrative staff are configured according to the permission that user needs, then assigns Correlation function permission manually assigns permission to user and takes time and effort very much, efficiency is very low when number of users is very big.
[summary of the invention]
In view of this, the embodiment of the invention provides a kind of determination method and apparatus of user right, it is existing to solve The problem of technology manually assigns permission low efficiency to user.
On the one hand, the embodiment of the invention provides a kind of determination methods of user right, which comprises acquisition target The historical operating data of user;User's portrait of the target user is made according to the historical operating data, the user draws As including at least one of: the essential information of user, data access amount tendency chart, data access temperature figure, data access increase Measure tendency chart, user right change record table;It is drawn a portrait according to the user and determines the permission of the target user.
Further, the user for making the target user according to the historical operating data draws a portrait, comprising: obtains The operation data of the target user of operation log recording table record;Obtain identification information, the duty of the target user Position title, department name;According to the identification information, the position title, the department name by the target user Operation data carry out completion, obtain the historical operating data;The target user is made according to the historical operating data User portrait.
Further, after the permission for determining the target user of being drawn a portrait described according to the user, the method is also It include: to judge whether the job information of the target user has been updated;If the job information of the target user is more Newly, then the permission of the target user is adjusted according to updated job information.
Further, the permission that the target user is adjusted according to updated job information, comprising: by the mesh The updated position of user is marked as target position;Query history position is at least one historical user of the target position; The historical user is inquired in the history permission of the target position;According to the historical user the target position history Permission determines the reference permission of the target position;The power of the target user is adjusted according to the reference permission of the target position Limit.
Further, after the permission for determining the target user of being drawn a portrait described according to the user, the method is also It include: use data of the acquisition target user to permission;Judge the target user to permission using data according to described Frequency of use whether reach predeterminated frequency;If the target user does not reach the default frequency to the frequency of use of permission Rate is then adjusted the permission of the target user according to frequency of use of the target user to permission.
Further, user's portrait of the target user includes the data access amount tendency chart of the target user, institute State the data access temperature figure of target user, the data access increment tendency chart of the target user, the target user use Family permission modification record sheet, the user for making the target user according to the historical operating data draw a portrait, comprising: according to The historical operating data obtains the number that the target user accesses to the data in database in preset time section, Time the data access amount tendency chart of the target user will be drawn using the number of access as ordinate as abscissa;Root The target user is obtained in the preset time section to each data entry in the database according to the historical operating data The name of each data entry described in the database is referred to as abscissa by the number of access, is sat using the number of access as vertical Mark, draws the data access temperature figure of the target user;The target user is obtained in institute according to the historical operating data Preset time section is stated to the increment of each data entry access times described in the database, it will be each described in the database The name of data entry is referred to as abscissa, using the increment to each data entry access times as ordinate, described in drafting The data access increment tendency chart of target user;The target user is obtained when described default according to the historical operating data Between section permission modification the case where, and make according to the case where permission modification the user right change record of the target user Table.
On the one hand, the embodiment of the invention provides a kind of determining device of user right, described device includes: the first acquisition Unit, for acquiring the historical operating data of target user;Production unit, for according to historical operating data production The user of target user draws a portrait, and user's portrait includes at least one of: essential information, the data access amount trend of user Figure, data access temperature figure, data access increment tendency chart, user right change record table;Determination unit, for according to User, which draws a portrait, determines the permission of the target user.
Further, the production unit includes: the first acquisition subelement, for obtaining operation log recording table record The operation data of the target user;Second obtains subelement, for obtaining identification information, the position of the target user Title, department name;Completion subelement, for being incited somebody to action according to the identification information, the position title, the department name The operation data of the target user carries out completion, obtains the historical operating data;Subelement is made, for going through according to History operation data makes user's portrait of the target user.
Further, described device further include: the first judging unit, for being drawn in the determination unit according to the user After permission as determining the target user, judge whether the job information of the target user has been updated;The first adjustment Unit adjusts the mesh according to updated job information if the job information for the target user has been updated Mark the permission of user.
Further, the first adjustment unit include: first determine subelement, for will the target user update after Position as target position;First inquiry subelement is gone through for query history position at least one of the target position History user;Second inquiry subelement, for inquiring the historical user in the history permission of the target position;Second determines son Unit, for determining the reference permission of the target position in the history permission of the target position according to the historical user; Subelement is adjusted, for adjusting the permission of the target user according to the reference permission of the target position.
Further, described device further include: the second acquisition unit, for being drawn in the determination unit according to the user After permission as determining the target user, the target user is acquired to the use data of permission;Second judgment unit is used In judging whether the target user reaches predeterminated frequency to the frequency of use of permission using data according to described;Second adjustment list Member is used if not reaching the predeterminated frequency for frequency of use of the target user to permission according to the target Family is adjusted the frequency of use of permission to the permission of the target user.
Further, user's portrait of the target user includes the data access amount tendency chart of the target user, institute State the data access temperature figure of target user, the data access increment tendency chart of the target user, the production subelement, packet It includes: the first drafting module, for obtaining the target user in preset time section to data according to the historical operating data The number that data in library access will draw the target using the number of access as ordinate as abscissa the time The data access amount tendency chart of user;Second drafting module, for obtaining the target user according to the historical operating data In the number that the preset time section accesses data entry each in the database, by each data described in the database The name of entry is referred to as abscissa, using the number of access as ordinate, draws the data access temperature figure of the target user; Third drafting module, for obtaining the target user in the preset time section to described according to the historical operating data The name of each data entry described in the database is referred to as cross by the increment of each data entry access times described in database Coordinate, using the increment to each data entry access times as ordinate, the data access for drawing the target user increases Measure tendency chart;Module is made, for obtaining the target user in the preset time section according to the historical operating data The case where permission modification, and make according to the case where permission modification the user right change record table of the target user.
On the one hand, the embodiment of the invention provides a kind of storage medium, the storage medium includes the program of storage, In, equipment where controlling the storage medium in described program operation executes the determination method of above-mentioned user right.
On the one hand, the embodiment of the invention provides a kind of server, including memory and processor, the memory is used for Storage includes the information of program instruction, and the processor is used to control the execution of program instruction, and described program is instructed by processor The step of loading and realizing the determination method of above-mentioned user right when executing.
In the present solution, making user's portrait according to the historical operating data of user, user's portrait includes at least one of: The essential information of user, data access amount tendency chart, data access temperature figure, data access increment tendency chart, user right become More record sheet draws a portrait according to user and determines the permission of user, avoids the problem of manual method determines user right low efficiency, reach The technical effect for improving the efficiency for determining user right is arrived.
[Detailed description of the invention]
In order to illustrate the technical solution of the embodiments of the present invention more clearly, below will be to needed in the embodiment attached Figure is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, for this field For those of ordinary skill, without any creative labor, it can also be obtained according to these attached drawings other attached Figure.
Fig. 1 is a kind of flow chart of the determination method of user right provided in an embodiment of the present invention;
Fig. 2 is a kind of schematic diagram of the determining device of user right provided in an embodiment of the present invention.
[specific embodiment]
For a better understanding of the technical solution of the present invention, being retouched in detail to the embodiment of the present invention with reference to the accompanying drawing It states.
It will be appreciated that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.Base Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts it is all its Its embodiment, shall fall within the protection scope of the present invention.
The term used in embodiments of the present invention is only to be not intended to be limiting merely for for the purpose of describing particular embodiments The present invention.In the embodiment of the present invention and the "an" of singular used in the attached claims, " described " and "the" It is also intended to including most forms, unless the context clearly indicates other meaning.
It should be appreciated that term "and/or" used herein is only a kind of incidence relation for describing affiliated partner, indicate There may be three kinds of relationships, for example, A and/or B, can indicate: individualism A, exist simultaneously A and B, individualism B these three Situation.In addition, character "/" herein, typicallys represent the relationship that forward-backward correlation object is a kind of "or".
The embodiment of the invention provides a kind of determination methods of user right, as shown in Figure 1, this method includes following step It is rapid:
Step S102 acquires the historical operating data of target user.
Step S104, according to historical operating data make target user user draw a portrait, user portrait include it is following at least One of: the essential information of user, data access amount tendency chart, data access temperature figure, data access increment tendency chart, Yong Huquan Limit change record table.
Step S106 draws a portrait according to user and determines the permission of target user.
The essential information of user includes the information such as user name, user type, place position, registion time, User Status.
Data access amount tendency chart is since registion time, and user is to data access number in database as the time becomes The trend of change, the dimension showed are time and data acess control number.
Data access temperature figure is system of the user to data entry access times each in database since registion time Meter can filter out 10, preceding 30, preceding 100 data entry before access times according to different condition, and the dimension showed is data strip Mesh title and access times.
Data access increment tendency chart is since registion time, and user is to data entry access times each in database Accrual accounting situation, the dimension showed are data entry title and access increment.
User right change record table is the alteration statistical form of the permission of user since registion time.
In the present solution, making user's portrait according to the historical operating data of user, user's portrait includes at least one of: The essential information of user, data access amount tendency chart, data access temperature figure, data access increment tendency chart, user right become More record sheet draws a portrait according to user and determines the permission of user, avoids the problem of manual method determines user right low efficiency, reach The technical effect for improving the efficiency for determining user right is arrived.
User's portrait of target user includes the data access heat of the data access amount tendency chart of target user, target user Spend figure, the data access increment tendency chart of target user, target user user right change record table, according to historical operation number According to user's portrait of production target user, it can specifically include following steps:
Obtain what target user accessed to the data in database in preset time section according to historical operating data Number will draw the data access amount tendency chart of target user using the number of access as ordinate as abscissa the time;
Obtain what target user accessed data entry each in database in preset time section according to historical operating data Data entry name each in database is referred to as abscissa, using the number of access as ordinate, draws target user's by number Data access temperature figure;
Target user is obtained in preset time section to data entry each in database access time according to historical operating data Data entry name each in database is referred to as abscissa by several increments, using the increment to each data entry access times as Ordinate draws the data access increment tendency chart of target user;
Target user is obtained the permission modification of preset time section the case where according to historical operating data, makes target user User right change record table.
It is drawn a portrait according to user and determines that the permission of target user, detailed process can be such that
In the case where the data access amount tendency chart of position and target user of user's portrait including target user, inquiry History permission of the historical user in the position;The reference power of the position is determined in the history permission of the position according to historical user Limit;Judge whether the data access amount tendency chart of target user shows amount of access in increasing trend;If the data of target user Amount of access tendency chart shows amount of access in increasing trend, then using the permission more one level higher than reference permission as target user's Permission;If the data access amount tendency chart of target user shows that amount of access remains unchanged or tapers off substantially in different time Trend, then using reference permission as the permission of target user.If the data access amount tendency chart of target user shows amount of access In increasing trend, then illustrate that the demand of target user's access database is bigger, then the permission of target user can be set greatly It is some.
In the case where user's portrait includes the position and data access increment tendency chart of target user, query history user In the history permission of the position;The reference permission of the position is determined in the history permission of the position according to historical user;According to mesh The data access increment tendency chart of mark user filters out the access increment in preset time section space aim user greater than preset increments The data entry of threshold value;If the quantity of the data entry filtered out is greater than or equal to preset threshold, will be higher than reference permission Permission of the permission of one rank as target user;It, will if the quantity of the data entry filtered out is less than preset threshold Permission with reference to permission as target user.If the quantity of the data entry filtered out is greater than or equal to preset threshold, say Improving eyesight mark is frequently visited by the user certain data entries in database, the demand for accessing database is bigger, then target user Permission can be set larger.
As an alternative embodiment, being drawn a portrait according to the user that historical operating data makes target user, comprising: obtain The operation data of the target user of extract operation log recording table record;Obtain the identification information of target user, position title, Department name;The operation data of target user is carried out according to the identification information of target user, position title, department name Completion obtains historical operating data;User's portrait of target user is made according to historical operating data.
In general application system all can operation behavior to user, operation object, operating result these situations remember Record, and be stored in the operation log recording table of database, the foundation abnormal as analysis when occurring abnormal or user's row For the foundation of analysis.The structure of operation log recording table generally comprises User Identity information, user name, operating time, behaviour Make behavior, operation object, operation content, operating result etc..But the data in operation log recording table are not necessarily complete, so just It needs the Supplementing Data in operation log recording table through the identification information of user, position title, department name.
As an alternative embodiment, judging target after the permission for determining target user of drawing a portrait according to user Whether the job information of user has been updated;If the job information of target user has been updated, according to updated position The permission of information adjustment target user.
By adjusting the permission of user according to more newly arriving for the position of user in time, for example, if the position of user rises, Then suitably increase the permission of user;If the position of user declines, the appropriate permission for reducing user so that the permission of user with The position of user matches, and user is facilitated to carry out the work, and has achieved the effect that timely adjustment user right.
As an alternative embodiment, adjusting the permission of target user according to updated job information, comprising: will The updated position of target user is as target position;Query history position is at least one historical user of target position;It looks into Historical user is ask in the history permission of target position;Target position is determined in the history permission of target position according to historical user With reference to permission;The permission of target user is adjusted according to the reference permission of target position.
For example, the updated position of target user is general manager, then using this position of general manager as target position, inquiry Which the people for once serving as general manager has, it is assumed that inquiry obtains the first and second the third three people, then these three people be general manager this The historical user of position, the first and second the third three user rights of the people during serving as general manager of inquiry, the permission that inquiry is obtained are made For the reference permission of this position of general manager, according to the permission of the reference permission adjustment target user of general manager this position.
Historical user by inquiring target position had any permission, by the permission inquired as a reference to adjustment The permission of target user has achieved the purpose that according to post adjustment user right, so that user right matches with position.
The permission of target user is determined as an alternative embodiment, drawing a portrait according to user, comprising: acquisition target is used Use data of the family to permission;According to using data to judge whether target user reaches predeterminated frequency to the frequency of use of permission; If target user does not reach predeterminated frequency to the frequency of use of permission, according to target user to the frequency of use pair of permission The permission of target user is adjusted.
If the activity of the user reduces, suitably user right can be turned down, ensure that user right use Information Security is improved in convenient situation.
In the present solution, the data generated to user's operation are acquired, production user's portrait is drawn a portrait according to user and is determined User right avoids the artificial inefficient and subjectivity for determining user right.In the case where the position of user changes, root User right is updated according to the position after variation, so that user right and position match, the case where the activity of the user reduces Under, suitably user right being turned down, Information Security is further improved in the case where ensure that user right is easy to use.
Rights Management System is mostly the priority assignation role that administrative staff need according to user at present, is then assigned related Function privilege;Permission Levels provide permission based on the subjectivity of administrative staff in this way, so that most of user right is excessive, cause not Necessary security risk.
The embodiment of the present invention is led to by collecting the information such as user's routine work content information and user's relevant station, position Cross the user right list that suggestion is provided to these data minings, analysis;Then system manager is according to the permissions list of suggestion Give user's associated rights;Permissions list recommendation process include: data acquisition (including user's routine work information, post position letter Breath, permissions list information etc.), data processing (drawing a portrait to user behavior), intelligent engine recommend permissions list (first retrieval use Family needs any permission, needs to be given to this user further according to those permissions, is then adjusted according to factors such as user's daily behaviors Permissions list), the excessive problem of user right is avoided, has ensured Information Security.
The embodiment of the invention provides a kind of determining device of user right, the device is for executing above-mentioned user right Method is determined, as shown in Fig. 2, the device includes: the first acquisition unit 10, production unit 20, determination unit 30.
First acquisition unit 10, for acquiring the historical operating data of target user.
Production unit 20, for according to historical operating data make target user user draw a portrait, user portrait include with It is at least one lower: the essential information of user, data access amount tendency chart, data access temperature figure, data access increment tendency chart, User right change record table.
Determination unit 30 determines the permission of target user for drawing a portrait according to user.
The essential information of user includes the information such as user name, user type, place position, registion time, User Status.
Data access amount tendency chart is since registion time, and user is to data access number in database as the time becomes The trend of change, the dimension showed are time and data acess control number.
Data access temperature figure is system of the user to data entry access times each in database since registion time Meter can filter out 10, preceding 30, preceding 100 data entry before access times according to different condition, and the dimension showed is data strip Mesh title and access times.
Data access increment tendency chart is since registion time, and user is to data entry access times each in database Accrual accounting situation, the dimension showed are data entry title and access increment.
User right change record table is the alteration statistical form of the permission of user since registion time.
In the present solution, making user's portrait according to the historical operating data of user, user's portrait includes at least one of: The essential information of user, data access amount tendency chart, data access temperature figure, data access increment tendency chart, user right become More record sheet draws a portrait according to user and determines the permission of user, avoids the problem of manual method determines user right low efficiency, reach The technical effect for improving the efficiency for determining user right is arrived.
Optionally, production unit 20 includes: the first acquisition subelement, the second acquisition subelement, completion subelement, production Unit.First obtains subelement, the operation data of the target user for obtaining operation log recording table record.Second obtains son Unit, for obtaining identification information, the position title, department name of target user.Completion subelement, for according to identity The operation data of target user is carried out completion by identification information, position title, department name, obtains historical operating data.Production Subelement, the user for making target user according to historical operating data draw a portrait.
In general application system all can operation behavior to user, operation object, operating result these situations remember Record, and be stored in the operation log recording table of database, the foundation abnormal as analysis when occurring abnormal or user's row For the foundation of analysis.The structure of operation log recording table generally comprises User Identity information, user name, operating time, behaviour Make behavior, operation object, operation content, operating result etc..But the data in operation log recording table are not necessarily complete, so just It needs the Supplementing Data in operation log recording table through the identification information of user, position title, department name.
Optionally, user's portrait of target user includes the number of the data access amount tendency chart of target user, target user According to access temperature figure, the data access increment tendency chart of target user.Make subelement, comprising: the first drafting module, second are drawn Molding block, third drafting module, production module.
First drafting module, for obtaining target user in preset time section in database according to historical operating data The number that accesses of data, the time will draw the number of target user using the number of access as ordinate as abscissa According to amount of access tendency chart.
Second drafting module, for obtaining target user in preset time section in database according to historical operating data The number of each data entry access, is referred to as abscissa for the name of data entry each in database, using the number of access as vertical Coordinate draws the data access temperature figure of target user.
Third drafting module, for obtaining target user in preset time section in database according to historical operating data The name of data entry each in database is referred to as abscissa by the increment of each data entry access times, will be to each data entry The increment of access times draws the data access increment tendency chart of target user as ordinate.
Module is made, for obtaining target user in the feelings of preset time section permission modification according to historical operating data Condition, and according to the user right change record table for making target user the case where permission modification.
Determination unit 30 is drawn a portrait according to user determines that the permission of target user, detailed process can be such that
In the case where the data access amount tendency chart of position and target user of user's portrait including target user, inquiry History permission of the historical user in the position;The reference power of the position is determined in the history permission of the position according to historical user Limit;Judge whether the data access amount tendency chart of target user shows amount of access in increasing trend;If the data of target user Amount of access tendency chart shows amount of access in increasing trend, then using the permission more one level higher than reference permission as target user's Permission;If the data access amount tendency chart of target user shows that amount of access remains unchanged or tapers off substantially in different time Trend, then using reference permission as the permission of target user.If the data access amount tendency chart of target user shows amount of access In increasing trend, then illustrate that the demand of target user's access database is bigger, then the permission of target user can be set greatly It is some.
In the case where user's portrait includes the position and data access increment tendency chart of target user, query history user In the history permission of the position;The reference permission of the position is determined in the history permission of the position according to historical user;According to mesh The data access increment tendency chart of mark user filters out the access increment in preset time section space aim user greater than preset increments The data entry of threshold value;If the quantity of the data entry filtered out is greater than or equal to preset threshold, will be higher than reference permission Permission of the permission of one rank as target user;It, will if the quantity of the data entry filtered out is less than preset threshold Permission with reference to permission as target user.If the quantity of the data entry filtered out is greater than or equal to preset threshold, say Improving eyesight mark is frequently visited by the user certain data entries in database, the demand for accessing database is bigger, then target user Permission can be set larger.
Optionally, device further include: the first judging unit, the first adjustment unit.First judging unit, for determining list Member 30 is drawn a portrait according to user after the permission for determining target user, judges whether the job information of target user has been updated.The One adjustment unit adjusts target according to updated job information if the job information for target user has been updated The permission of user.
By adjusting the permission of user according to more newly arriving for the position of user in time, for example, if the position of user rises, Then suitably increase the permission of user;If the position of user declines, the appropriate permission for reducing user so that the permission of user with The position of user matches, and user is facilitated to carry out the work, and has achieved the effect that timely adjustment user right.
Optionally, the first adjustment unit include: first determine subelement, first inquiry subelement, second inquiry subelement, Second determines subelement, adjustment subelement.First determines subelement, for using the updated position of target user as target duty Position.First inquiry subelement is at least one historical user of target position for query history position.Second inquiry is single Member, for query history user target position history permission.Second determines subelement, is used for according to historical user in target The history permission of position determines the reference permission of target position.Subelement is adjusted, for the reference permission tune according to target position The permission of whole target user.
For example, the updated position of target user is general manager, then using this position of general manager as target position, inquiry Which the people for once serving as general manager has, it is assumed that inquiry obtains the first and second the third three people, then these three people be general manager this The historical user of position, the first and second the third three user rights of the people during serving as general manager of inquiry, the permission that inquiry is obtained are made For the reference permission of this position of general manager, according to the permission of the reference permission adjustment target user of general manager this position.
Historical user by inquiring target position had any permission, by the permission inquired as a reference to adjustment The permission of target user has achieved the purpose that according to post adjustment user right, so that user right matches with position.
Optionally, device further include: the second acquisition unit, second judgment unit, second adjustment unit.Second acquisition is single Member, for after determination unit 30 draws a portrait the permission for determining target user according to user, acquisition target user to make permission Use data.Second judgment unit, for according to using data to judge whether target user reaches default to the frequency of use of permission Frequency.Second adjustment unit, if not reaching predeterminated frequency for frequency of use of the target user to permission, according to target User is adjusted the frequency of use of permission to the permission of target user.
If the activity of the user reduces, suitably user right can be turned down, ensure that user right use Information Security is improved in convenient situation.
In the present solution, the data generated to user's operation are acquired, production user's portrait is drawn a portrait according to user and is determined User right avoids the artificial inefficient and subjectivity for determining user right.In the case where the position of user changes, root User right is updated according to the position after variation, so that user right and position match, the case where the activity of the user reduces Under, suitably user right being turned down, Information Security is further improved in the case where ensure that user right is easy to use.
The embodiment of the invention provides a kind of storage medium, storage medium includes the program of storage, wherein is run in program When control the storage medium where equipment execute the determination method of above-mentioned user right.
The embodiment of the invention provides a kind of server, including memory and processor, memory includes journey for storing The information of sequence instruction, processor are used to control the execution of program instruction, realize when program instruction is loaded and executed by processor The step of determination method for the user right stated.
In the present solution, making user's portrait according to the historical operating data of user, user's portrait includes at least one of: The essential information of user, data access amount tendency chart, data access temperature figure, data access increment tendency chart, user right become More record sheet draws a portrait according to user and determines the permission of user, avoids the problem of manual method determines user right low efficiency, reach The technical effect for improving the efficiency for determining user right is arrived.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description, The specific work process of device and unit, can refer to corresponding processes in the foregoing method embodiment, and details are not described herein.
In several embodiments provided by the present invention, it should be understood that disclosed system, device and method can be with It realizes by another way.For example, the apparatus embodiments described above are merely exemplary, for example, the unit It divides, only a kind of logical function partition, there may be another division manner in actual implementation, for example, multiple units or group Part can be combined or can be integrated into another system, or some features can be ignored or not executed.Another point, it is shown Or the mutual coupling, direct-coupling or communication connection discussed can be through some interfaces, device or unit it is indirect Coupling or communication connection can be electrical property, mechanical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme 's.
It, can also be in addition, the functional units in various embodiments of the present invention may be integrated into one processing unit It is that each unit physically exists alone, can also be integrated in one unit with two or more units.Above-mentioned integrated list Member both can take the form of hardware realization, can also realize in the form of hardware adds SFU software functional unit.
The above-mentioned integrated unit being realized in the form of SFU software functional unit can store and computer-readable deposit at one In storage media.Above-mentioned SFU software functional unit is stored in a storage medium, including some instructions are used so that a computer It is each that device (can be personal computer, server or network equipment etc.) or processor (Processor) execute the present invention The part steps of embodiment the method.And storage medium above-mentioned includes: USB flash disk, mobile hard disk, read-only memory (Read- Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic or disk etc. it is various It can store the medium of program code.
The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the invention, all in essence of the invention Within mind and principle, any modification, equivalent substitution, improvement and etc. done be should be included within the scope of the present invention.

Claims (10)

1. a kind of determination method of user right, which is characterized in that the described method includes:
Acquire the historical operating data of target user;
Make user's portrait of the target user according to the historical operating data, user portrait include it is following at least it One: the essential information of user, data access amount tendency chart, data access temperature figure, data access increment tendency chart, user right Change record table;
It is drawn a portrait according to the user and determines the permission of the target user.
2. the method according to claim 1, wherein described make the target according to the historical operating data The user of user draws a portrait, comprising:
Obtain the operation data of the target user of operation log recording table record;
Obtain identification information, the position title, department name of the target user;
According to the identification information, the position title, the department name by the operation data of the target user into Row completion obtains the historical operating data;
User's portrait of the target user is made according to the historical operating data.
3. the method according to claim 1, wherein determining that the target is used in described draw a portrait according to the user After the permission at family, the method also includes:
Judge whether the job information of the target user has been updated;
If the job information of the target user has been updated, the target user is adjusted according to updated job information Permission.
4. according to the method described in claim 3, it is characterized in that, described adjust the target according to updated job information The permission of user, comprising:
Using the updated position of the target user as target position;
Query history position is at least one historical user of the target position;
The historical user is inquired in the history permission of the target position;
The reference permission of the target position is determined in the history permission of the target position according to the historical user;
The permission of the target user is adjusted according to the reference permission of the target position.
5. according to the method described in claim 2, it is characterized in that, user's portrait of the target user includes that the target is used The data access amount tendency chart at family, the data access temperature figure of the target user, the target user data access increment Tendency chart, the target user user right change record table, it is described that the target is made according to the historical operating data The user of user draws a portrait, comprising:
The target user is obtained according to the historical operating data to visit the data in database in preset time section The number asked will draw the data access amount of the target user using the number of access as ordinate as abscissa the time Tendency chart;
The target user is obtained in the preset time section to each number in the database according to the historical operating data According to the number that entry accesses, the name of each data entry described in the database is referred to as abscissa, the number of access is made For ordinate, the data access temperature figure of the target user is drawn;
The target user is obtained in the preset time section to described in the database according to the historical operating data The name of each data entry described in the database is referred to as abscissa by the increment of each data entry access times, will be to institute The increment of each data entry access times is stated as ordinate, draws the data access increment tendency chart of the target user;
The target user is obtained the preset time section permission modification the case where according to the historical operating data, and root The user right change record table of the target user is made according to the case where permission modification.
6. a kind of determining device of user right, which is characterized in that described device includes:
First acquisition unit, for acquiring the historical operating data of target user;
Production unit, the user for making the target user according to the historical operating data draw a portrait, user's portrait Including at least one of: the essential information of user, data access amount tendency chart, data access temperature figure, data access increment Tendency chart, user right change record table;
Determination unit determines the permission of the target user for drawing a portrait according to the user.
7. device according to claim 6, which is characterized in that the production unit includes:
First obtains subelement, the operation data of the target user for obtaining operation log recording table record;
Second obtains subelement, for obtaining identification information, the position title, department name of the target user;
Completion subelement, for being used the target according to the identification information, the position title, the department name The operation data at family carries out completion, obtains the historical operating data;
Subelement is made, the user for making the target user according to the historical operating data draws a portrait.
8. device according to claim 6, which is characterized in that described device further include:
First judging unit, for the determination unit drawn a portrait according to the user determine the target user permission it Afterwards, judge whether the job information of the target user has been updated;
The first adjustment unit is believed if the job information for the target user has been updated according to updated position Breath adjusts the permission of the target user.
9. a kind of storage medium, which is characterized in that the storage medium includes the program of storage, wherein run in described program When control the storage medium where equipment perform claim require any one of 1 to 5 described in user right determination method.
10. a kind of server, including memory and processor, the memory is for storing the information including program instruction, institute Processor is stated for controlling the execution of program instruction, it is characterised in that: described program instruction is real when being loaded and executed by processor The step of determination method of user right described in existing claim 1 to 5 any one.
CN201811230352.0A 2018-10-22 2018-10-22 A kind of determination method and apparatus of user right Withdrawn CN109460644A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811230352.0A CN109460644A (en) 2018-10-22 2018-10-22 A kind of determination method and apparatus of user right

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811230352.0A CN109460644A (en) 2018-10-22 2018-10-22 A kind of determination method and apparatus of user right

Publications (1)

Publication Number Publication Date
CN109460644A true CN109460644A (en) 2019-03-12

Family

ID=65608111

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811230352.0A Withdrawn CN109460644A (en) 2018-10-22 2018-10-22 A kind of determination method and apparatus of user right

Country Status (1)

Country Link
CN (1) CN109460644A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110069911A (en) * 2019-04-19 2019-07-30 奇安信科技集团股份有限公司 Access control method, device, system, electronic equipment and readable storage medium storing program for executing
CN110362974A (en) * 2019-05-31 2019-10-22 杭州恩牛网络技术有限公司 Service gray scale dissemination method, device, medium and electronic equipment
CN110489253A (en) * 2019-07-05 2019-11-22 中国平安财产保险股份有限公司 Data processing method, device, equipment and computer readable storage medium
CN111767574A (en) * 2020-06-28 2020-10-13 北京天融信网络安全技术有限公司 User permission determining method and device, electronic equipment and readable storage medium
CN111966995A (en) * 2020-08-17 2020-11-20 福建工程学院 User permission dynamic control method and device based on user behavior and equipment
CN112182651A (en) * 2020-09-25 2021-01-05 合肥工业大学 Authority control method and device
CN114287121A (en) * 2019-11-20 2022-04-05 深圳市欢太科技有限公司 User portrait authority management method, device, server and storage medium

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110069911A (en) * 2019-04-19 2019-07-30 奇安信科技集团股份有限公司 Access control method, device, system, electronic equipment and readable storage medium storing program for executing
CN110069911B (en) * 2019-04-19 2021-05-14 奇安信科技集团股份有限公司 Access control method, device, system, electronic equipment and readable storage medium
CN110362974A (en) * 2019-05-31 2019-10-22 杭州恩牛网络技术有限公司 Service gray scale dissemination method, device, medium and electronic equipment
CN110489253A (en) * 2019-07-05 2019-11-22 中国平安财产保险股份有限公司 Data processing method, device, equipment and computer readable storage medium
CN114287121A (en) * 2019-11-20 2022-04-05 深圳市欢太科技有限公司 User portrait authority management method, device, server and storage medium
CN111767574A (en) * 2020-06-28 2020-10-13 北京天融信网络安全技术有限公司 User permission determining method and device, electronic equipment and readable storage medium
CN111966995A (en) * 2020-08-17 2020-11-20 福建工程学院 User permission dynamic control method and device based on user behavior and equipment
CN112182651A (en) * 2020-09-25 2021-01-05 合肥工业大学 Authority control method and device

Similar Documents

Publication Publication Date Title
CN109460644A (en) A kind of determination method and apparatus of user right
CN103577483B (en) The method and system of date storage method and system and data access
CA2053969C (en) Method and apparatus for controlling the deferred execution of user requests in a data processing system
US20210011903A1 (en) Method, system, apparatus, and computer-readable storage medium for sharing account resources
CN113342603B (en) Alarm data processing method and device, computer equipment and storage medium
CN111199028A (en) Resource information access method and device, computer equipment and storage medium
DE102011011712A1 (en) A device for designing an electronic device, a program for designing an electrical device, and a method for designing an electrical device
CN109819098A (en) Menu option display methods, server, system and computer readable storage medium
CN113467314B (en) Information security risk assessment system and method based on big data and edge calculation
CN107832333A (en) Method and system based on distributed treatment and DPI data structure user network data fingerprint
CN106844497A (en) The check device and method of a kind of database code
CN108073408A (en) The method for updating system and device of self-aided terminal
CN116610040B (en) Intelligent household appliance control method, system and device based on Internet of things
CN110517372A (en) A kind of biological information processing method and processing device
CN111177700A (en) Method and device for controlling row-level authority
CN107277095A (en) session dividing method and device
US7739300B2 (en) System and method for processing a prioritizing protocol
CN112035201B (en) Device parameter display method and device, computer device and storage medium
US9128772B2 (en) Performance optimization through run-time quality governance
CN113655967A (en) Method and device for deleting disk, electronic equipment and computer storage medium
CN112463233A (en) System configuration method, system, device and medium
CN109492376A (en) Control method, device and the fort machine of equipment access authority
US8019955B2 (en) Information processing apparatus and computer readable medium
CN113055337B (en) Method, device, storage medium and terminal for setting authority based on user requirements
CN110825696A (en) Processing method and processing device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20190312

WW01 Invention patent application withdrawn after publication