CN110147657A - A kind of user right configuration method and device - Google Patents
A kind of user right configuration method and device Download PDFInfo
- Publication number
- CN110147657A CN110147657A CN201910307153.3A CN201910307153A CN110147657A CN 110147657 A CN110147657 A CN 110147657A CN 201910307153 A CN201910307153 A CN 201910307153A CN 110147657 A CN110147657 A CN 110147657A
- Authority
- CN
- China
- Prior art keywords
- permission
- authority
- user
- affiliated
- preset
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 82
- 230000008569 process Effects 0.000 claims abstract description 38
- 230000004044 response Effects 0.000 claims abstract description 12
- 230000001960 triggered effect Effects 0.000 claims abstract description 5
- 230000006870 function Effects 0.000 claims description 31
- 230000015654 memory Effects 0.000 claims description 20
- 238000004590 computer program Methods 0.000 claims description 8
- 238000012545 processing Methods 0.000 claims description 8
- 238000000605 extraction Methods 0.000 claims description 4
- 238000003058 natural language processing Methods 0.000 claims description 4
- 238000013473 artificial intelligence Methods 0.000 abstract description 2
- 238000012360 testing method Methods 0.000 description 16
- 238000001514 detection method Methods 0.000 description 4
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 239000000284 extract Substances 0.000 description 3
- 238000012356 Product development Methods 0.000 description 2
- 238000013528 artificial neural network Methods 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 238000012790 confirmation Methods 0.000 description 2
- 230000008878 coupling Effects 0.000 description 2
- 230000006872 improvement Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
- 238000003672 processing method Methods 0.000 description 1
- 238000000926 separation method Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
- G06Q10/105—Human resources
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Human Resources & Organizations (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Strategic Management (AREA)
- Entrepreneurship & Innovation (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Economics (AREA)
- Marketing (AREA)
- Operations Research (AREA)
- Quality & Reliability (AREA)
- Tourism & Hospitality (AREA)
- General Business, Economics & Management (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention provides a kind of user right configuration method and devices, and the present invention relates to field of artificial intelligence, method includes: to request in response to authority application, obtain the job information of the user of permission to be allocated;The keyword in job information is extracted, and the affiliated function of user, affiliated position are obtained according to Keywords matching;Matched permission packet is obtained according to the affiliated function of user, permission packet includes the authority set of at least one position, wherein the application logic of multiple permissions in authority set is identical;The matched authority set of position is obtained from permission packet according to the affiliated position of user;Permission approval process, and the permission based on permission approval process configuration user are triggered according to the application logic of the matched authority set of position and authority application request.Technical solution provided in an embodiment of the present invention is able to solve the problem of authority configuration low efficiency in the prior art.
Description
[technical field]
The present invention relates to field of artificial intelligence more particularly to a kind of user right configuration method and devices.
[background technique]
Currently, having many new person's registrations daily as company organization's framework constantly complicates, also someone leaves office, permission pipe
Reason personnel are accomplished manually the configuration of permission, and approving person is also required to examine the configuration of various permissions, and workload is huge, hold
It easily goes wrong, therefore the efficiency for how improving authority configuration becomes current urgent problem to be solved.
[summary of the invention]
In view of this, the embodiment of the invention provides a kind of user right configuration method and devices, to solve existing skill
In art the problem of authority configuration low efficiency.
To achieve the goals above, according to an aspect of the invention, there is provided a kind of user right configuration method, described
Method includes:
It is requested in response to authority application, obtains the job information of the user of permission to be allocated;It extracts in the job information
Keyword, and the affiliated function of the user, affiliated position are obtained according to the Keywords matching;According to the institute of the user
Category department obtains matched permission packet, and the permission packet includes the authority set of at least one position, wherein in the authority set
The application logic of multiple permissions is identical;The matched permission of position is obtained from the permission packet according to the affiliated position of the user
Collection;Permission approval process, and base are triggered according to the application logic of the matched authority set of the position and authority application request
The permission of the user is configured in the permission approval process.
Further, before the matched permission packet according to the acquisition of the affiliated function of the user, the method is also
Include:
Obtain multiple authority application records;The keyword in each authority application record is extracted, obtains applicant's
Affiliated function, affiliated position and permission;It is the affiliated position of the applicant is identical and the authority application logic is also identical more
A permission is stored to a preset authority set, wherein the preset authority set is using the position as first-level class
Label;Multiple permissions in the preset authority set are subjected to duplicate removal;After the identical multiple duplicate removals of affiliated function
The preset authority set merges into a preset permission packet, and the preset permission packet is using the department as secondary classification
Label.
Further, multiple permissions by the preset authority set carry out duplicate removal, comprising: by each power
Limit is segmented by natural language processing method, obtains multiple words;Indicate that model obtains each institute by preset term vector
The vector of predicate indicates;The vector similarity of multiple permissions is calculated using cosine similarity formula;It is similar from the vector
Degree, which is greater than in multiple permissions of preset threshold, retains a permission.
Further, in the keyword extracted in each authority application record, the affiliated portion of applicant is obtained
After door, affiliated position and permission, and described by the affiliated position of the applicant is identical and the authority application logic also phase
Same multiple permissions are stored to before a preset authority set, the method also includes: judge the affiliated of identical permission
Whether position number is greater than the first preset value;If so, the identical permission is then confirmed as general-purpose rights;By the general-purpose rights
It stores to preset general-purpose rights packet, wherein the general-purpose rights in the general-purpose rights packet are suitable for all Add User.
Further, described to be triggered according to the application logic of the matched authority set of the position and authority application request
Permission approval process, and after configuring based on the permission approval process permission of the user, the method also includes: it obtains
The increase authority request of the user, wherein the increase authority request carries permission to be increased;Judgement is with the user's
It whether there is the permission to be increased in the permission packet that position matches;If it exists, then will divide with the permission to be increased
User described in dispensing;If it does not exist, then new permission is created based on the increase authority request, and according to the application of the new permission
Logical triggering increases permission approval process newly.
Further, new permission is created based on the increase authority request described, and according to the application of the new permission
After logical triggering increases permission approval process newly, the method also includes: count permission of the identical position about the new permission
Application record number;Judge whether the authority application record number of the new permission is greater than the second preset value;If so, then will be described
New permission is incorporated into the authority set to match with the identical position.
To achieve the goals above, according to an aspect of the invention, there is provided a kind of user right configuration device, described
Device includes:
First acquisition unit requests in response to authority application, obtains the job information of the user of permission to be allocated;Matching is single
Member, for extracting the keyword in the job information, and according to the Keywords matching obtain the user affiliated function,
Affiliated position;Second acquisition unit, for obtaining matched permission packet, the permission packet according to the affiliated function of the user
Include the authority set of at least one position, wherein the application logic of multiple permissions in the authority set is identical;Third obtains single
Member obtains the matched authority set of position for the affiliated position according to the user from the permission packet;Configuration unit is used for
According to the application logic of the matched authority set of the position and authority application request triggering permission approval process, and it is based on institute
State the permission that permission approval process configures the user.
Further, described device further include:
4th acquiring unit, for obtaining multiple authority application records;Extraction unit, for extracting each permission Shen
Keyword in please recording obtains affiliated function, affiliated position and the permission of applicant;Processing unit is used for the application
The affiliated position of people is identical and the authority application logic also identical multiple permissions are stored to a preset authority set,
In, the preset authority set is using the position as first-level class label;Duplicate removal unit is used for the preset authority set
In multiple permissions carry out duplicate removals;Combining unit, for will be described preset after the identical multiple duplicate removals of affiliated function
Authority set merges into a preset permission packet, and the preset permission packet is using the department as secondary classification label.
To achieve the goals above, according to an aspect of the invention, there is provided a kind of computer non-volatile memories are situated between
Matter, the storage medium include the program of storage, control equipment where the storage medium in described program operation and execute
The user right configuration method stated.
To achieve the goals above, according to an aspect of the invention, there is provided a kind of computer equipment, including storage
Device, processor and storage in the memory and the computer program that can run on the processor, the processor
The step of above-mentioned user right configuration method is realized when executing the computer program.
In the present solution, by obtain user job information, obtained with job information and matched with the job information
Permission packet multiple permissions in permission packet are disposably matched and according to the application logic automatic trigger approval process in permission
It sets to user, applies without label repeatedly, improve authority configuration efficiency.
[Detailed description of the invention]
In order to illustrate the technical solution of the embodiments of the present invention more clearly, below will be to needed in the embodiment attached
Figure is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, for this field
For those of ordinary skill, without any creative labor, it can also be obtained according to these attached drawings other attached
Figure.
Fig. 1 is a kind of flow chart of optional user's authority configuring method provided in an embodiment of the present invention;
Fig. 2 is a kind of schematic diagram of optional user's authority configuration device provided in an embodiment of the present invention;
Fig. 3 is a kind of schematic diagram of optional computer equipment provided in an embodiment of the present invention.
[specific embodiment]
For a better understanding of the technical solution of the present invention, being retouched in detail to the embodiment of the present invention with reference to the accompanying drawing
It states.
It will be appreciated that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.Base
Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts it is all its
Its embodiment, shall fall within the protection scope of the present invention.
The term used in embodiments of the present invention is only to be not intended to be limiting merely for for the purpose of describing particular embodiments
The present invention.In the embodiment of the present invention and the "an" of singular used in the attached claims, " described " and "the"
It is also intended to including most forms, unless the context clearly indicates other meaning.
It should be appreciated that term "and/or" used herein is only a kind of incidence relation for describing affiliated partner, indicate
There may be three kinds of relationships, for example, A and/or B, can indicate: individualism A, exist simultaneously A and B, individualism B these three
Situation.In addition, character "/" herein, typicallys represent the relationship that forward-backward correlation object is a kind of "or".
It will be appreciated that though terminal may be described using term first, second, third, etc. in embodiments of the present invention,
But these terminals should not necessarily be limited by these terms.These terms are only used to for terminal being distinguished from each other out.For example, not departing from the present invention
In the case where scope of embodiments, first terminal can also be referred to as second terminal, and similarly, second terminal can also be referred to as
One terminal.
Depending on context, word as used in this " if " can be construed to " ... when " or " when ...
When " or " in response to determination " or " in response to detection ".Similarly, depend on context, phrase " if it is determined that " or " if detection
(condition or event of statement) " can be construed to " when determining " or " in response to determination " or " when the detection (condition of statement
Or event) when " or " in response to detection (condition or event of statement) ".
Fig. 1 is a kind of flow chart of user right configuration method according to an embodiment of the present invention, as shown in Figure 1, this method
Include:
Step S101 requests in response to authority application, obtains the job information of the user of permission to be allocated.
Step S102 extracts the keyword in job information, and obtains affiliated function, the institute of user according to Keywords matching
Belong to position.
Step S103 obtains matched permission packet according to the affiliated function of user, and permission packet includes at least one position
Authority set, wherein the application logic of multiple permissions in authority set is identical.
Step S104 obtains the matched authority set of position according to the affiliated position of user from permission packet.
Step S105, according to the application logic of the matched authority set of position and authority application request triggering permission examination & approval stream
Journey, and the permission based on permission approval process configuration user.
In the present solution, being obtained with job information and being matched with the job information by the job information for obtaining user
Permission packet, and according to the application logic automatic trigger approval process in permission, multiple permissions in permission packet are disposably configured
To user, applies without label repeatedly, improve rights management efficiency.
Wherein, authority application logic is, for example, " supervisor examination & approval-manager's examination & approval-human resource manager puts on record ", then this
All permissions in permission packet directly push to supervisor in the form of a list, trigger approval process, accelerating examination and approval process.
Optionally, before obtaining matched permission packet according to the affiliated function of user, method further include:
Obtain multiple authority application records;The keyword in each authority application record is extracted, the affiliated of applicant is obtained
Department, affiliated position and permission;By the affiliated position of applicant is identical and authority application logic also identical multiple permissions store to
One preset authority set, wherein preset authority set is using position as first-level class label;It will be more in preset authority set
A permission carries out duplicate removal;Preset authority set after the identical multiple duplicate removals of affiliated function is merged into a preset permission
Packet, preset permission packet is using department as secondary classification label.
Wherein, authority application record can be clustered for example with the various forms such as document, electronics shelves, mail, permission: product development
It include the authority set of Test Engineer, the authority set of Developmental Engineer, authority set of Application Engineer etc. inside the permission packet in portion.
Permission is clustered according to the position and department that are applicable in employee, and is managed using level-one label, second level label, so that permission
Disposably be configured as possibility, improve the efficiency of authority configuration.
Specifically, first the different rights of identical position are classified in a preset authority set, and use position as point
Class label is managed authority set, so that can be obtained by position matching corresponding during new employee's authority distribution
Authority configuration, improve the efficiency of authority configuration.It in other embodiments, can also be according to the subdivision of position (as tested
Engineer is subdivided into ISO software engineer, WEB software engineer etc.) authority set is further divided into multiple permissions
Subset.So that can be more accurate when authority configuration.
Optionally, the job information of the user of permission to be allocated is obtained, comprising:
Obtain the job information of the new registration employee of Human Resource Management System push;
Or, inquiring the job information of user in human resources records center according to the employee number of user.It can also be by stepping on
Record the job information of company's site or website relevant to position (OPC, fort machine) inquiry user.Such as the test work of certain team
Cheng Shi.Specifically, new registration employee can have been searched whether in automatic regular polling Human Resource Management System the inside daily.
Optionally, multiple permissions in preset authority set are subjected to duplicate removal, comprising: each permission is passed through into natural language
Processing method is segmented, and multiple words are obtained;Indicate that model obtains the vector expression of each word by preset term vector;Using
Cosine similarity formula calculates the vector similarity of multiple permissions;It is protected from multiple permissions that vector similarity is greater than preset threshold
Stay a permission.
Wherein, cosine similarity calculation formula isCos (θ) indicates similarity, i table
Show vocabulary number, value is the positive integer of 1~n, and A indicates the first permission, and B indicates the second permission, and Ai indicates one in the first permission
Keyword, Bi indicate the keyword in the second permission.Term vector indicates that model for example can be the neural networks such as WORD2VEC
Model.
Optionally, the keyword in each authority application record is being extracted, is obtaining the affiliated function of applicant, affiliated position
And after permission, and by the affiliated position of applicant is identical and authority application logic also identical multiple permissions store to one it is pre-
If authority set before, method further include: judge whether the affiliated position number of identical permission is greater than the first preset value;If so,
Identical permission is then confirmed as general-purpose rights;General-purpose rights are stored to preset general-purpose rights packet, wherein in general-purpose rights packet
General-purpose rights be suitable for all Adding User.
Such as: permission 1 is " mail outgoing permission ", and position belonging to permission 1 includes Test Engineer, Developmental Engineer, answers
With engineer, technical support engineer etc., when the quantity for the position that permission same in permission application record is matched to is more than pre-
If permission 1 is confirmed as general-purpose rights when value (such as more than 10 positions), so that subsequent new user's applying right is prescribed a time limit, general power
Permission in limit packet will all be allocated to new user.
Optionally, permission approval process is triggered according to the application logic of the matched authority set of position and authority application request,
And after the permission based on permission approval process configuration user, method further include: obtain the increase authority request of user, wherein
Increase authority request and carries permission to be increased;With the presence or absence of to be increased in the permission packet that the position of judgement and user match
Permission;If it exists, then by with authority distribution to be increased to user;If it does not exist, then based on increasing, authority request creation is new to be weighed
Limit, and permission approval process is increased newly according to the application logical triggering of new permission.Wherein, increasing authority request is according to user's
After job information carries out authority configuration, additional rights increased request of the user based on the demand proposition of itself.
Optionally, new permission is being created based on increase authority request, and according to the newly-increased power of the application logical triggering of new permission
After limiting approval process, method further include: the authority application for counting identical position about new permission records number;Judge new permission
Authority application record number whether be greater than the second preset value;Match if so, being then incorporated into new permission with identical position
In authority set.
Such as: Test Engineer 1 apply permission 2, Test Engineer 2 apply permission 2, when Test Engineer's position about
When the request times of permission 2 are greater than 10 times, then permission 2 is included in authority set corresponding to Test Engineer's position automatically.It will be new
Permission is automatically assigned to all users of same position or same department, i.e., all Test Engineers can open permission automatically
2。
The embodiment of the invention provides a kind of user right configuration device, the device is for executing above-mentioned user right configuration
Method, as shown in Fig. 2, the device includes: first acquisition unit 10, matching unit 20, second acquisition unit 30, third acquisition list
First 40, configuration unit 50.
First acquisition unit 10 requests in response to authority application, obtains the job information of the user of permission to be allocated;
Matching unit 20, for extracting the keyword in job information, and belonging to obtaining user according to Keywords matching
Department, affiliated position;
Second acquisition unit 30, for obtaining matched permission packet according to the affiliated function of user, permission packet includes at least
The authority set of one position, wherein the application logic of multiple permissions in authority set is identical;
Third acquiring unit 40 obtains the matched authority set of position for the affiliated position according to user from permission packet;
Configuration unit 50, for being examined according to the application logic of the matched authority set of position and authority application request triggering permission
Criticize process, and the permission based on permission approval process configuration user.
In the present solution, being obtained with job information and being matched with the job information by the job information for obtaining user
Permission packet, and according to the application logic automatic trigger approval process in permission, multiple permissions in permission packet are disposably configured
To user, applies without label repeatedly, improve rights management efficiency.
Wherein, authority application logic is, for example, " supervisor examination & approval-manager's examination & approval-human resource manager puts on record ", then this
All permissions in permission packet directly push to supervisor in the form of a list, trigger approval process, accelerating examination and approval process.
Optionally, device further includes the 4th acquiring unit, extraction unit, processing unit, duplicate removal unit, combining unit.
4th acquiring unit, for obtaining multiple authority application records;Extraction unit, for extracting each authority application note
Keyword in record obtains affiliated function, affiliated position and the permission of applicant;Processing unit is used for the affiliated duty of applicant
Also identical multiple permissions are stored to a preset authority set the identical and authority application logic in position, wherein preset authority set
Using position as first-level class label;Duplicate removal unit, for multiple permissions in preset authority set to be carried out duplicate removal;Merge single
Member, it is preset for the preset authority set after the identical multiple duplicate removals of affiliated function to be merged into a preset permission packet
Permission packet is using department as secondary classification label.
Wherein, authority application record can be clustered for example with the various forms such as document, electronics shelves, mail, permission: product development
It include the authority set of Test Engineer, the authority set of Developmental Engineer, authority set of Application Engineer etc. inside the permission packet in portion.
Permission is clustered according to the position and department that are applicable in employee, and is managed using level-one label, second level label, so that permission
Disposably be configured as possibility, improve the efficiency of authority configuration.
Specifically, first the different rights of identical position are classified in a preset authority set, and use position as point
Class label is managed authority set, so that can be obtained by position matching corresponding during new employee's authority distribution
Authority configuration, improve the efficiency of authority configuration.It in other embodiments, can also be according to the subdivision of position (as tested
Engineer is subdivided into ISO software engineer, WEB software engineer etc.) authority set is further divided into multiple permissions
Subset.So that can be more accurate when authority configuration.
Optionally, first acquisition unit 10 includes the first acquisition subelement, the second acquisition subelement.
First obtains subelement, the job information of the new registration employee for obtaining Human Resource Management System push;
Second obtains subelement, for being believed according to the employee number of user in the position of human resources records center inquiry user
Breath.The job information of user can also be inquired by logging in company's site or website relevant to position (OPC, fort machine).Example
Such as the Test Engineer of certain team.Specifically, it can search whether newly automatic regular polling Human Resource Management System the inside daily
Registration employee.
Optionally, duplicate removal unit includes participle subelement, third acquisition subelement, computation subunit, processing subelement.
It segments subelement and obtains multiple words for segmenting each permission by natural language processing method;Third
Subelement is obtained, for indicating that model obtains the vector expression of each word by preset term vector;Computation subunit, for adopting
The vector similarity of multiple permissions is calculated with cosine similarity formula;Subelement is handled, it is default for being greater than from vector similarity
Retain a permission in multiple permissions of threshold value.
Wherein, cosine similarity calculation formula isCos (θ) indicates similarity, i table
Show vocabulary number, value is the positive integer of 1~n, and A indicates the first permission, and B indicates the second permission, and Ai indicates one in the first permission
Keyword, Bi indicate the keyword in the second permission.Term vector indicates that model for example can be the neural networks such as WORD2VEC
Model.
Optionally, device further includes the first judging unit, confirmation unit, storage unit.
First judging unit, for judging whether the affiliated position number of identical permission is greater than the first preset value;Confirmation form
Member, for if so, identical permission is then confirmed as general-purpose rights;Storage unit, for storing general-purpose rights to preset logical
With permission packet, wherein the general-purpose rights in general-purpose rights packet are suitable for all Add User.
Such as: permission 1 is " mail outgoing permission ", and position belonging to permission 1 includes Test Engineer, Developmental Engineer, answers
With engineer, technical support engineer etc., when the quantity for the position that permission same in permission application record is matched to is more than pre-
If permission 1 is confirmed as general-purpose rights when value (such as more than 10 positions), so that subsequent new user's applying right is prescribed a time limit, general power
Permission in limit packet will all be allocated to new user.
Optionally, device further includes the 5th acquiring unit, second judgment unit, allocation unit, trigger unit.
5th acquiring unit, for obtaining the increase authority request of user, wherein increase authority request carries to be increased
Permission;Second judgment unit, with the presence or absence of permission to be increased in the permission packet for judging to match with the position of user;Point
With unit, for if it exists, then by with authority distribution to be increased to user;Trigger unit increases for if it does not exist, being then based on
Add authority request to create new permission, and permission approval process is increased newly according to the application logical triggering of new permission.Wherein, increase permission
Request is after carrying out authority configuration according to the job information of user, user is increased based on the additional rights that the demand of itself proposes
Request.
Optionally, device further includes statistic unit, third judging unit, the second combining unit.
Statistic unit records number about the authority application of new permission for counting identical position;Third judging unit is used
Record whether number is greater than the second preset value in the authority application for judging new permission;Second combining unit, for if so, then will be new
Permission is incorporated into the authority set to match with identical position.
Such as: Test Engineer 1 apply permission 2, Test Engineer 2 apply permission 2, when Test Engineer's position about
When the request times of permission 2 are greater than 10 times, then permission 2 is included in authority set corresponding to Test Engineer's position automatically.It will be new
Permission is automatically assigned to all users of same position or same department, i.e., all Test Engineers can open permission automatically
2。
The embodiment of the invention provides a kind of computer non-volatile memory medium, storage medium includes the program of storage,
Wherein, when program is run, equipment where control storage medium executes following steps:
It is requested in response to authority application, obtains the job information of the user of permission to be allocated;Extract the pass in job information
Keyword, and the affiliated function of user, affiliated position are obtained according to Keywords matching;It is obtained according to the affiliated function of user matched
Permission packet, permission packet include the authority set of at least one position, wherein the application logic of multiple permissions in authority set is identical;
The matched authority set of position is obtained from permission packet according to the affiliated position of user;It is patrolled according to the application of the matched authority set of position
It collects and authority application request triggers permission approval process, and the permission based on permission approval process configuration user.
Optionally, when program is run, equipment where control storage medium executes following steps: obtaining multiple authority applications
Record;The keyword in each authority application record is extracted, affiliated function, affiliated position and the permission of applicant is obtained;By Shen
Position belonging to asking someone is identical and authority application logic also identical multiple permissions are stored to a preset authority set, wherein it is pre-
If authority set using position as first-level class label;Multiple permissions in preset authority set are subjected to duplicate removal;By affiliated portion
Preset authority set after the identical multiple duplicate removals of door merges into a preset permission packet, preset permission packet using department as
Secondary classification label.
Optionally, when program is run, equipment where control storage medium executes following steps: each permission is passed through certainly
Right language processing method is segmented, and multiple words are obtained;Indicate that model obtains the vector table of each word by preset term vector
Show;The vector similarity of multiple permissions is calculated using cosine similarity formula;It is greater than the multiple of preset threshold from vector similarity
Retain a permission in permission.
Optionally, when program is run, equipment where control storage medium executes following steps: judging the institute of identical permission
Belong to whether position number is greater than the first preset value;If so, identical permission is then confirmed as general-purpose rights;By general-purpose rights store to
Preset general-purpose rights packet, wherein the general-purpose rights in general-purpose rights packet are suitable for all Add User.
Optionally, when program is run, equipment where control storage medium executes following steps: obtaining the increase power of user
Limit request, wherein increase authority request and carry permission to be increased;In the permission packet that judgement matches with the position of user whether
There are permissions to be increased;If it exists, then by with authority distribution to be increased to user;If it does not exist, then based on increase permission
Request creates new permission, and increases permission approval process newly according to the application logical triggering of new permission.
Fig. 3 is a kind of schematic diagram of computer equipment provided in an embodiment of the present invention.As shown in figure 3, the meter of the embodiment
Machine equipment 100 is calculated to include: processor 101, memory 102 and storage in the memory 102 and can run on processor 101
Computer program 103, the computer program 103 by processor 101 execute when realize embodiment in user right configuration side
Method does not repeat one by one herein to avoid repeating.It is used in embodiment alternatively, being realized when the computer program is executed by processor 101
The function of each model/unit does not repeat one by one herein in the authority configuration device of family to avoid repeating.
Computer equipment 100 can be the calculating such as desktop PC, notebook, palm PC and cloud server and set
It is standby.Computer equipment may include, but be not limited only to, processor 101, memory 102.It will be understood by those skilled in the art that Fig. 3
The only example of computer equipment 100 does not constitute the restriction to computer equipment 100, may include than illustrate it is more or
Less component perhaps combines certain components or different components, such as computer equipment can also be set including input and output
Standby, network access equipment, bus etc..
Alleged processor 101 can be central processing unit (Central Processing Unit, CPU), can also be
Other general processors, digital signal processor (Digital Signal Processor, DSP), specific integrated circuit
(Application Specific Integrated Circuit, ASIC), field programmable gate array (Field-
Programmable Gate Array, FPGA) either other programmable logic device, discrete gate or transistor logic,
Discrete hardware components etc..General processor can be microprocessor or the processor is also possible to any conventional processor
Deng.
Memory 102 can be the internal storage unit of computer equipment 100, for example, computer equipment 100 hard disk or
Memory.What memory 102 was also possible to be equipped on the External memory equipment of computer equipment 100, such as computer equipment 100 inserts
Connect formula hard disk, intelligent memory card (Smart Media Card, SMC), secure digital (Secure Digital, SD) card, flash memory
Block (Flash Card) etc..Further, memory 102 can also both including computer equipment 100 internal storage unit or
Including External memory equipment.Memory 102 is for storing other program sum numbers needed for computer program and computer equipment
According to.Memory 102 can be also used for temporarily storing the data that has exported or will export.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description,
The specific work process of device and unit, can refer to corresponding processes in the foregoing method embodiment, and details are not described herein.
In several embodiments provided by the present invention, it should be understood that disclosed system, device and method can be with
It realizes by another way.For example, the apparatus embodiments described above are merely exemplary, for example, the unit
It divides, only a kind of logical function partition, there may be another division manner in actual implementation, for example, multiple units or group
Part can be combined or can be integrated into another system, or some features can be ignored or not executed.Another point, it is shown
Or the mutual coupling, direct-coupling or communication connection discussed can be through some interfaces, device or unit it is indirect
Coupling or communication connection can be electrical property, mechanical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit
The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple
In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme
's.
It, can also be in addition, the functional units in various embodiments of the present invention may be integrated into one processing unit
It is that each unit physically exists alone, can also be integrated in one unit with two or more units.Above-mentioned integrated list
Member both can take the form of hardware realization, can also realize in the form of hardware adds SFU software functional unit.
The above-mentioned integrated unit being realized in the form of SFU software functional unit can store and computer-readable deposit at one
In storage media.Above-mentioned SFU software functional unit is stored in a storage medium, including some instructions are used so that a computer
It is each that device (can be personal computer, server or network equipment etc.) or processor (Processor) execute the present invention
The part steps of embodiment the method.And storage medium above-mentioned includes: USB flash disk, mobile hard disk, read-only memory (Read-
Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic or disk etc. it is various
It can store the medium of program code.
The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the invention, all in essence of the invention
Within mind and principle, any modification, equivalent substitution, improvement and etc. done be should be included within the scope of the present invention.
Claims (10)
1. a kind of user right configuration method, which is characterized in that the described method includes:
It is requested in response to authority application, obtains the job information of the user of permission to be allocated;
The keyword in the job information is extracted, and affiliated function, the institute of the user is obtained according to the Keywords matching
Belong to position;
Matched permission packet is obtained according to the affiliated function of the user, the permission packet includes the permission of at least one position
Collection, wherein the application logic of multiple permissions in the authority set is identical;
The matched authority set of position is obtained from the permission packet according to the affiliated position of the user;
Permission approval process, and base are triggered according to the application logic of the matched authority set of the position and authority application request
The permission of the user is configured in the permission approval process.
2. the method according to claim 1, wherein being matched in described obtained according to the affiliated function of the user
Permission packet before, the method also includes:
Obtain multiple authority application records;
The keyword in each authority application record is extracted, affiliated function, affiliated position and the permission of applicant is obtained;
By the affiliated position of the applicant is identical and the authority application logic also identical multiple permissions are stored to one
Preset authority set, wherein the preset authority set is using the position as first-level class label;
Multiple permissions in the preset authority set are subjected to duplicate removal;
The preset authority set after the identical multiple duplicate removals of affiliated function is merged into a preset permission packet, it is described pre-
If permission packet using the department as secondary classification label.
3. according to the method described in claim 2, it is characterized in that, multiple permissions by the preset authority set into
Row duplicate removal, comprising:
Each permission is segmented by natural language processing method, obtains multiple words;
Indicate that model obtains the vector expression of each institute's predicate by preset term vector;
The vector similarity of multiple permissions is calculated using cosine similarity formula;
Retain a permission from multiple permissions that the vector similarity is greater than preset threshold.
4. according to the method described in claim 2, it is characterized in that, in the pass extracted in each authority application record
Key word, after obtaining affiliated function, affiliated position and the permission of applicant, and described that the affiliated position of the applicant is identical
And also identical multiple permissions are stored to before a preset authority set authority application logic, the method is also wrapped
It includes:
Judge whether the affiliated position number of identical permission is greater than the first preset value;
If so, the identical permission is then confirmed as general-purpose rights;
The general-purpose rights are stored to preset general-purpose rights packet, wherein the general-purpose rights in the general-purpose rights packet are applicable in
It Adds User in all.
5. the method according to claim 1, wherein the application according to the matched authority set of the position is patrolled
It collects and authority application request triggers permission approval process, and configure the permission of the user based on the permission approval process
Later, the method also includes:
Obtain the increase authority request of the user, wherein the increase authority request carries permission to be increased;
With the presence or absence of the permission to be increased in the permission packet that the position of judgement and the user match;
If it exists, then the user will be given with the authority distribution to be increased;
If it does not exist, then new permission is created based on the increase authority request, and according to the application logical triggering of the new permission
Newly-increased permission approval process.
6. according to the method described in claim 5, it is characterized in that, described based on the new power of increase authority request creation
Limit, and according to the application logical triggering of the new permission increase newly permission approval process after, the method also includes:
The authority application that identical position is counted about the new permission records number;
Judge whether the authority application record number of the new permission is greater than the second preset value;
If so, then the new permission is incorporated into the authority set to match with the identical position.
7. a kind of user right configuration device, which is characterized in that described device includes:
First acquisition unit requests in response to authority application, obtains the job information of the user of permission to be allocated;
Matching unit obtains the user for extracting the keyword in the job information, and according to the Keywords matching
Affiliated function, affiliated position;
Second acquisition unit, for obtaining matched permission packet according to the affiliated function of the user, the permission packet includes extremely
The authority set of a few position, wherein the application logic of multiple permissions in the authority set is identical;
Third acquiring unit obtains the matched permission of position for the affiliated position according to the user from the permission packet
Collection;
Configuration unit, for according to the application logic of the matched authority set of the position and authority application request triggering permission
Approval process, and configure based on the permission approval process permission of the user.
8. device according to claim 7, which is characterized in that described device further include:
4th acquiring unit, for obtaining multiple authority application records;
Extraction unit obtains the affiliated function, affiliated of applicant for extracting the keyword in each authority application record
Position and permission;
Processing unit, for by the affiliated position of the applicant is identical and the authority application logic also identical multiple power
Limit is stored to a preset authority set, wherein the preset authority set is using the position as first-level class label;
Duplicate removal unit, for multiple permissions in the preset authority set to be carried out duplicate removal;
Combining unit, for by the preset authority set after the identical multiple duplicate removals of affiliated function merge into one it is preset
Permission packet, the preset permission packet is using the department as secondary classification label.
9. a kind of computer non-volatile memory medium, the storage medium includes the program of storage, which is characterized in that described
Equipment perform claim program controls the storage medium when running where requires the configuration of user right described in 1 to 6 any one
Method.
10. a kind of computer equipment, including memory, processor and storage are in the memory and can be in the processor
The computer program of upper operation, the processor are realized described in claim 1 to 6 any one when executing the computer program
User right configuration method the step of.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910307153.3A CN110147657A (en) | 2019-04-17 | 2019-04-17 | A kind of user right configuration method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910307153.3A CN110147657A (en) | 2019-04-17 | 2019-04-17 | A kind of user right configuration method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110147657A true CN110147657A (en) | 2019-08-20 |
Family
ID=67588363
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910307153.3A Pending CN110147657A (en) | 2019-04-17 | 2019-04-17 | A kind of user right configuration method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110147657A (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111859442A (en) * | 2020-01-21 | 2020-10-30 | 北京嘀嘀无限科技发展有限公司 | Authority configuration method, authority configuration system and computer readable storage medium |
CN112347224A (en) * | 2020-06-11 | 2021-02-09 | 广州锦行网络科技有限公司 | Method for enhancing minimum privilege access control based on natural language processing |
CN113344744A (en) * | 2021-08-02 | 2021-09-03 | 广东电网有限责任公司中山供电局 | Personalized business function calculation method and device for power system |
CN115037501A (en) * | 2022-04-11 | 2022-09-09 | 深圳市华宜致信科技有限公司 | Authority management system and method of BI tool |
CN115687470A (en) * | 2022-09-28 | 2023-02-03 | 江苏科技大学 | Enterprise management method and system based on cloud platform |
CN116150723A (en) * | 2023-04-19 | 2023-05-23 | 北京智麟科技有限公司 | Method for identifying administrative approval process permission |
CN117455429A (en) * | 2023-12-21 | 2024-01-26 | 北京帮邦通达医疗器械有限公司 | Authority management method, device, equipment and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101159053A (en) * | 2007-11-23 | 2008-04-09 | 金蝶软件(中国)有限公司 | Resources distribution method and system |
CN101699478A (en) * | 2009-10-28 | 2010-04-28 | 金蝶软件(中国)有限公司 | Right management method and device and management system |
WO2010124334A1 (en) * | 2009-05-01 | 2010-11-04 | Apply Direct Pty Ltd | System and method for providing computer-enabled employment search services |
CN109388921A (en) * | 2017-08-10 | 2019-02-26 | 顺丰科技有限公司 | A kind of unification user rights management platform and operation method |
CN109495480A (en) * | 2018-11-22 | 2019-03-19 | 北京车和家信息技术有限公司 | Right management method, device and server |
-
2019
- 2019-04-17 CN CN201910307153.3A patent/CN110147657A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101159053A (en) * | 2007-11-23 | 2008-04-09 | 金蝶软件(中国)有限公司 | Resources distribution method and system |
WO2010124334A1 (en) * | 2009-05-01 | 2010-11-04 | Apply Direct Pty Ltd | System and method for providing computer-enabled employment search services |
CN101699478A (en) * | 2009-10-28 | 2010-04-28 | 金蝶软件(中国)有限公司 | Right management method and device and management system |
CN109388921A (en) * | 2017-08-10 | 2019-02-26 | 顺丰科技有限公司 | A kind of unification user rights management platform and operation method |
CN109495480A (en) * | 2018-11-22 | 2019-03-19 | 北京车和家信息技术有限公司 | Right management method, device and server |
Non-Patent Citations (1)
Title |
---|
魏芸;: "基于JAVA的部门日常操作管理系统", 硅谷, no. 10, 23 May 2013 (2013-05-23) * |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111859442A (en) * | 2020-01-21 | 2020-10-30 | 北京嘀嘀无限科技发展有限公司 | Authority configuration method, authority configuration system and computer readable storage medium |
CN112347224A (en) * | 2020-06-11 | 2021-02-09 | 广州锦行网络科技有限公司 | Method for enhancing minimum privilege access control based on natural language processing |
CN113344744A (en) * | 2021-08-02 | 2021-09-03 | 广东电网有限责任公司中山供电局 | Personalized business function calculation method and device for power system |
CN115037501A (en) * | 2022-04-11 | 2022-09-09 | 深圳市华宜致信科技有限公司 | Authority management system and method of BI tool |
CN115037501B (en) * | 2022-04-11 | 2024-06-28 | 深圳市华宜致信科技有限公司 | Permission management system and method for BI tool |
CN115687470A (en) * | 2022-09-28 | 2023-02-03 | 江苏科技大学 | Enterprise management method and system based on cloud platform |
CN116150723A (en) * | 2023-04-19 | 2023-05-23 | 北京智麟科技有限公司 | Method for identifying administrative approval process permission |
CN117455429A (en) * | 2023-12-21 | 2024-01-26 | 北京帮邦通达医疗器械有限公司 | Authority management method, device, equipment and storage medium |
CN117455429B (en) * | 2023-12-21 | 2024-04-02 | 北京帮邦通达医疗器械有限公司 | Authority management method, device, equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110147657A (en) | A kind of user right configuration method and device | |
CN110163474A (en) | A kind of method and apparatus of task distribution | |
CN110163478A (en) | A kind of the risk checking method and device of contract terms | |
CN110083623B (en) | Business rule generation method and device | |
CN110347732A (en) | A kind of data transfer device and device | |
CN105122212A (en) | Periodicity optimization in an automated tracing system | |
CN110162754B (en) | Method and equipment for generating post description document | |
CN110597719B (en) | Image clustering method, device and medium for adaptation test | |
CN107622326A (en) | User's classification, available resources Forecasting Methodology, device and equipment | |
CN112069242B (en) | Data processing method based on big data and cloud computing and big data service platform | |
CN112738040A (en) | Network security threat detection method, system and device based on DNS log | |
CN109885834B (en) | Method and device for predicting age and gender of user | |
CN109063066A (en) | Data query method and device, data management system | |
CN109241084A (en) | Querying method, terminal device and the medium of data | |
US11087096B2 (en) | Method and system for reducing incident alerts | |
CN107871055A (en) | A kind of data analysing method and device | |
CN110175276A (en) | Infringing information acquisition methods, device, computer equipment and storage medium | |
CN113435517A (en) | Abnormal data point output method and device, computer equipment and storage medium | |
CN109446054B (en) | Processing method and terminal equipment for override operation request based on big data | |
CN115809466B (en) | Security requirement generation method and device based on STRIDE model, electronic equipment and medium | |
CN111798352A (en) | Enterprise state supervision method, device, equipment and computer readable storage medium | |
CN105302844B (en) | Internet surveillance method, apparatus and system | |
CN110059234A (en) | Water utilities anomalous event method for detecting and device, computer installation and storage medium | |
CN111352818B (en) | Application program performance analysis method and device, storage medium and electronic equipment | |
CN113626387A (en) | Task data export method and device, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |