CN110457891A - A kind of authority configuration interface display method, device, terminal and storage medium - Google Patents

A kind of authority configuration interface display method, device, terminal and storage medium Download PDF

Info

Publication number
CN110457891A
CN110457891A CN201910660702.5A CN201910660702A CN110457891A CN 110457891 A CN110457891 A CN 110457891A CN 201910660702 A CN201910660702 A CN 201910660702A CN 110457891 A CN110457891 A CN 110457891A
Authority
CN
China
Prior art keywords
control
permission
authority configuration
role
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910660702.5A
Other languages
Chinese (zh)
Other versions
CN110457891B (en
Inventor
程跃斌
甘松云
李羊
尹程程
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui Zhihengxin Technology Co Ltd
Original Assignee
Anhui Zhihengxin Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Anhui Zhihengxin Technology Co Ltd filed Critical Anhui Zhihengxin Technology Co Ltd
Priority to CN201910660702.5A priority Critical patent/CN110457891B/en
Publication of CN110457891A publication Critical patent/CN110457891A/en
Application granted granted Critical
Publication of CN110457891B publication Critical patent/CN110457891B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/248Presentation of query results
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0481Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance
    • G06F3/04812Interaction techniques based on cursor appearance or behaviour, e.g. being affected by the presence of displayed objects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2203/00Indexing scheme relating to G06F3/00 - G06F3/048
    • G06F2203/048Indexing scheme relating to G06F3/048
    • G06F2203/04804Transparency, e.g. transparent or translucent windows
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Human Computer Interaction (AREA)
  • Computational Linguistics (AREA)
  • Data Mining & Analysis (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a kind of authority configuration interface display method, device, terminal and storage medium.Its method and step includes: to receive active user's log-on message;By showing permission control in software interface first area;The permission control is configured at role in a manner of visual.Non-technical personnel can be allowed to carry out visual authority configuration on the page, the party in request of system or actual management personnel is really allowed to carry out intuitive convenient and fast authority configuration, so that technical staff is separated the sea of bitterness of rights management and is absorbed in the exploitation of business function.Solve current authority configuration need the technological development personnel of system backstage by modification code adjustment, cause authority configuration low efficiency in system operation, process redundancy, it is inconvenient the problems such as.

Description

A kind of authority configuration interface display method, device, terminal and storage medium
Technical field
The present invention relates to computer application technologies, specifically, being related to a kind of authority configuration interface display method, dress It sets, terminal and storage medium.
Background technique
Access control based roles (RBAC) are a kind of data permission management the most studied in recent years, that thought is most mature Mechanism, it is considered as the ideal candidates of the traditional forced symmetric centralization (MAC) and self contained navigation (DAC) of replacement.It is based on The basic thought of the access control (RBAC) of role is to divide different angles according to functional post different in business organization's view The access authority of data resource is encapsulated in role by color, and user indirectly accesses data by being endowed different roles Base resource.Method for managing user right may be authorized by a user possesses multiple roles, and a role can be by multiple use Family is constituted;Each role can possess a variety of permissions, and each permission can also license to multiple and different roles.Each operation can apply In multiple users, each user can also receive multiple operations, and the visit of user is controlled by the different role that user is endowed It asks.
However to rights management and configuration, need the operation maintenance personnel of technical staff or very familiar system on backstage at present Or database is safeguarded.It allows technical staff to configure role-security in information-based management system, is both troublesome careful again Careful ' hard bone ', trouble be because create each functional module, all increase permission newly manually one by one, then role is awarded Power;Be with caution because different user have different processing authorities to data, once authority distribution mistake, information are revealed by people, meeting Generate serious consequence.This is the most important thing of present information management system, it is necessary to be defined with party in request or user The concrete power limit of role, but software developer does not know about corporate structure generally, very that accurately configures to different role and weighs Limit.Therefore the new permission grant mode of one kind is developed urgently to solve common problem in current management systems.
Prior art discloses a kind of visual authority configurations of Web application and development, comprising: step 1: selection web The object that application and development permission is assigned;Step 2: being defined the competence and assigned between object and respective resources in a manner of visual Connection, it is the dom element in html that wherein permission, which assigns the corresponding resource of object, in the html page in a manner of visualizing form Upper control mouse selects dom element;Step 3: establishing the mapping relations between permission imparting object and respective resources, configure permission Rule, wherein the ID attribute or customized unique identification that pass through in html position dom element in the current html page Position either navigates to dom element current by class attribute in html or customized multiple non-unique identifiers Position in the html page.This method is set permission imparting object and be may be only accurate to element on the html page, however in list Data field be difficult to carry out more fining configuration.
Summary of the invention
1, it to solve the problems, such as
For current authority configuration need the technological development personnel of system backstage by modification code adjustment, cause be Unite operational process in authority configuration low efficiency, process redundancy, it is inconvenient the problems such as, the present invention provides a kind of authority configuration interface Display methods, device, terminal and storage medium.By showing permission control in software interface first area;With visual The permission control is configured at role by mode.Non-technical personnel can be allowed to carry out visual authority configuration on the page, very The party in request of system or actual management personnel is just being allowed to carry out intuitive convenient and fast authority configuration, so that technical staff be separated The sea of bitterness of rights management and the exploitation for being absorbed in business function.
2, technical solution
To solve the above problems, the present invention adopts the following technical scheme that.
In a first aspect, the present invention provides a kind of authority configuration interface display method, this method step includes:
Receive active user's log-on message;
Permission control is shown in software interface first area;
The permission control is configured at role in a manner of visual.
It is further, described that the permission control is configured at role in a manner of visual, comprising:
The first control is shown in the permission control corresponding position of software interface;
The operation to first control is responded, the child control of dialog box main body and dialog box, the dialogue frame are popped up Control is corresponding to show different role identifications;
The permission is configured by choosing different role mark.
Further, the permission control corresponding position in software interface shows the first control step further include:
The second control is shown in software interface second area;
In response to the operation to the second control, controlled in the permission control corresponding position show or hide first of software interface Part.
Further, when the operation in response to the first control, the first control generates a translucent mask layer, Mask the display area that current first control is controlled.
Further, the permission control includes third control and the 4th control, and the first area includes third region And the fourth region;
Third control is shown in third region;
Respond the operational order to any one control in the third control;
The 4th control is shown in the 4th subregion of software interface.
Further, the third control includes routing menu;4th control include operation button, page elements and Data field it is one or more.
Second aspect, the present invention provides a kind of authority configuration interface display apparatus, comprising:
First receiving unit, for receiving active user's log-on message;
First display unit, for showing permission control in software interface first area according to the data;
Authority configuration unit, for the permission control to be configured at role in a manner of visual.
Further, the authority configuration unit includes:
Second display unit shows the first control for the permission control corresponding position in software interface;
Second receiving unit pops up the son of dialog box main body and dialog box for receiving the operation to first control Control;
Dialog box unit, for showing that the dialog box child control corresponds to different role identifications, by choosing different angles Colour code, which is known, configures the permission.
The third aspect, the present invention provides a kind of terminal, including processor, input equipment, output equipment and memory, institutes It states processor, input equipment, output equipment and memory to be sequentially connected, the memory is described for storing computer program Computer program includes program instruction, and the processor is configured for calling described program instruction, executes above-mentioned method.
Fourth aspect, the present invention provides a kind of readable storage medium storing program for executing, the storage medium is stored with computer program, institute Stating computer program includes program instruction, and described program instruction makes the processor execute above-mentioned side when being executed by a processor Method.
3, beneficial effect
Compared with the prior art, the invention has the benefit that
(1) present invention provides a kind of authority configuration interface display method, by showing permission in software interface first area Control;The permission control is configured at role in a manner of visual.Non-technical personnel can be allowed to carry out on the page visually The authority configuration of change really allows the party in request of system or actual management personnel to carry out intuitive convenient and fast authority configuration, thus Technical staff is separated into the sea of bitterness of rights management and is absorbed in the exploitation of business function;
(2) authority configuration of the invention have higher fine granularity, specifically can with control to the page on menu, button, page Surface element, data field can only generally control menu and button relative to traditional permission, realize for page elements, number It is distributed according to the accurate control of field permission, makes the diagonal color distribution of permission more reasonable, be more suitable for business development;
(3) operation of the first control is clicked by mouse, the first control can automatically become a translucent mask layer, hide Cover the display area that current first control is controlled;The personnel of authority configuration can be allowed to be apparent from, herein permission control The indication range of control and the data of display make configuration more clear intuitive;
(4) before rendering front end page, server is according to the corresponding permissions data table of active user, to the data field Sql inquiry request is pre-processed, the corresponding permissions data field of return user, rather than what traditional comparison user was possessed Permission and carry out page elements and data field display and hide, preferably ensure that the safety of data.
Detailed description of the invention
The drawings described herein are used to provide a further understanding of the present invention, constitutes part of this application, this hair Bright illustrative embodiments and their description are used to explain the present invention, and are not constituted improper limitations of the present invention.In attached drawing:
Fig. 1 is one kind permission visual configuration control method flow chart in information system provided in an embodiment of the present invention;
Fig. 2 is the mapping relations schematic diagram between building user and role provided in an embodiment of the present invention;
Fig. 3 is the software interface schematic diagram provided in an embodiment of the present invention for opening authority configuration mode;
Fig. 4 is a kind of authority configuration interface display method flow chart provided in an embodiment of the present invention;
Fig. 5 software interface schematic diagram provided in an embodiment of the present invention for not opening authority configuration mode;
Fig. 6 is a kind of authority configuration interface display structural schematic diagram provided in an embodiment of the present invention.
Specific embodiment
It is described in detail below in conjunction with embodiment of the attached drawing to technical solution of the present invention.Following embodiment is only used for Clearly illustrate technical solution of the present invention, therefore be only used as example, and cannot be used as a limitation and limit protection model of the invention It encloses.It should be noted that unless otherwise indicated, technical term or scientific term used in this application are should be belonging to the present invention The ordinary meaning that field technical staff is understood.
In this application, term " first ", " second " etc. are used for description purposes only, and are not understood to indicate or imply phase To importance or implicitly indicate the quantity of indicated technical characteristic.In the description of the present invention, the meaning of " plurality " is two More than a, unless otherwise specifically defined.
It should be appreciated that ought use in this specification and in the appended claims, term " includes " instruction is described special Sign, entirety, step, operation, the presence of element and/or component, but be not precluded one or more of the other feature, entirety, step, Operation, the presence or addition of element, component and/or its set.
It is also understood that mesh of the term used in this description of the invention merely for the sake of description specific embodiment And be not intended to limit the present invention.As description of the invention and it is used in the attached claims, unless on Other situations are hereafter clearly indicated, otherwise " one " of singular, "one" and "the" are intended to include plural form.
As used in this specification and in the appended claims, term " if " can be according to context quilt Be construed to " when ... " or " once " or " in response to determination " or " in response to detecting ".
In the specific implementation, terminal described in the embodiment of the present invention is including but not limited to such as with touch sensitive surface The mobile phone, laptop computer or tablet computer of (for example, touch-screen display and/or touch tablet) etc it is other just Portable device.It is to be further understood that in certain embodiments, the equipment is not portable communication device, but there is touching Touch the desktop computer of sensing surface (for example, touch-screen display and/or touch tablet).
In following discussion, the terminal including display and touch sensitive surface is described.It is, however, to be understood that It is that terminal may include one or more of the other physical user-interface device of such as physical keyboard, mouse and/or control-rod.
Terminal supports various application programs, such as one of the following or multiple: drawing application program, demonstration application journey Sequence, word-processing application, website create application program, disk imprinting application program, spreadsheet applications, game application Program, telephony application, videoconference application, email application, instant messaging applications, exercise Support application program, photo management application program, digital camera application program, digital camera application program, web-browsing application Program, digital music player application and/or video frequency player application program.
The various application programs that can be executed at the terminal can be used such as touch sensitive surface at least one is public Physical user-interface device.It can adjust and/or change among applications and/or in corresponding application programs and touch sensitive table The corresponding information shown in the one or more functions and terminal in face.In this way, the public physical structure of terminal is (for example, touch Sensing surface) it can support the various application programs with user interface intuitive and transparent for a user.
Basic idea of the present invention is as follows, and permission control is configured first in information system and authority configuration identifies control;So The mapping relations between user and role are constructed afterwards;By the operation in response to identifying control to authority configuration, by the permission It is configured at role in a manner of visual, synchronizes to form the corresponding permissions data table of each user;Non-technical personnel can be allowed to exist Visual authority configuration is carried out on the page, really allows the party in request of system or actual management personnel to carry out intuitive convenient and fast Authority configuration solves existing so that technical staff is separated the sea of bitterness of rights management and is absorbed in the exploitation of business function In technology authority configuration it is inconvenient the problem of.It is illustrated combined with specific embodiments below.
Embodiment 1
Here is the explanation of some technical terms:
Instruction: instruction (Directives) is the special characteristics with v- prefix.The responsibility of instruction is, when the value of expression formula When change, the related influence generated acts on HTML element to response type.
HTML element: HTML uses " label " (markup also makees tag) to indicate text, picture and other content, so as to In being shown in Web browser.HTML markup include some special " elements " such as<head>,<title>,<body>,<header >,<footer>,<article>,<section>,<p>,<div>,<span>,<img>,<aside>,<audio>,<canvas >,<datalist>,<details>,<embed>,<nav>,<output>,<progress>,<video>Deng.
Vuex:Vuex is the condition managing mode for aiming at Vue.js application development.
Routing: routing (Router) is that the program or module that can handle this network address are found according to network address.
Bit arithmetic: all numbers in program are all to be stored in calculator memory in the form of binary;Bit arithmetic is just It is directly to be operated to the binary digit of integer in memory.
Based on background technique there are the problem of, the present invention is based on the front end frames of Vue to carry out visualization authority configuration, allows skill It is simple that art personnel define permission, makes non-technical personnel distribution permission simpler, has been substantially carried out the improvement of the following.
As shown in Figure 1, the present embodiment provides one kind in information system permission visual configuration control method, the method Step includes the following:
S102: configuring permission control in information system and authority configuration identifies control;
It is based on RBAC access authority basic model specifically, establishing in information system, and configures power in correspondence database table Limit control includes at least one for routing menu, operation button, page elements and data field;Further configure authority configuration Control is identified, authority configuration mark control is shown in the corresponding position of permission control in software interface, and corresponding position can be The permission control upper left corner, the upper right corner, the lower left corner and the lower right corner, it is not limited here.And in the another location of software interface, if Set " opening authority configuration " control that control authority configuration identifier control is hidden or shown.
Wherein, menu permission is routed in information system determines that some user can enter page representated by the routing Face;
The operation grade permission refers to that corresponding operation button is just aobvious to user when user is endowed the permission of some operation Show, such as " newly-increased ", " editor ", " deletion " and " inquiry " etc.;
The page elements permission indicates, shows on the html page permission of the HTML element of some or a certain section. For example, user's name querying condition (one section of div element on the page);
The permission of the data field indicates the permission of display entities field, for example, " list of names data field " and " account status table data field " etc..
It should be noted that developer can also according to actual needs, customized newly-increased manually or modification routing menu, The permission of operation button, page elements and data field.
Further, there is corresponding unique routing title by different routings, then to corresponding different permission control under routing Part assigns a unique key and identifies, to ensure that each page has unique permission key, under each page The permission for needing to control, such as at least one of routing menu, operation button, page elements and data field, pass through html In ID attribute or it is customized unique identification is carried out to permission control, distinguish traditional permission control using url resource as Unique identifier;To make permission control have further promotion on implementation.These permissions in system configuration Data are saved in server end, can control simultaneously the permission and corresponding permission control of the page entrance when user logs in by system Part.
It will be appreciated by those skilled in the art that being in the present embodiment necessary with the interaction of servers' data.And it compiles The tool of Cheng Yuyan is all that alternatively, such as routing, instruction, Vuex are that alternatively, can be substituted by different tools real Now same function.
S104: the mapping relations between building user and role;
Specifically, constructing subscriber group information according to the user information, and being as shown in Fig. 2, obtain user information first User and user group establish one-to-many relationship;The subscriber group information and role mapping relationship are constructed, is user group and role Establish one-to-many relationship.
It should be noted that the basic model accessed based on RBAC is established for step S102 and S104, i.e., it is newly-built to use Family, user group, role and permissions base model, be exactly user by associating the permissions with roles, to obtain certain The access right of function.Permission is given to role, rather than user, but a user can possess several roles, One user belongs to multiple user groups, as soon as user group can possess several roles, this user possesses oneself several role Possess the function privilege that several roles (multiple roles take union) are included with user group.Briefly, if a user possesses Dry role, each role possess several function privileges.User is final operator, the end user of permission, control Limit control authority is actually the permission of control user, rather than the permission of role or user group;User group is relatively vertical For straight.Such as this user group of purchasing department is actually to be made of business personnel's (definition is all user) of purchasing department, Definite relation with the superior and the subordinate;Purchasing department can only check the document for belonging to purchasing department, and sales department, which can only check, belongs to sales department Document, with the property that strong department's property is organized in other words, although purchasing department business personnel is to belong to the same portion Door, but not necessarily have identical permission, such as handle and had differences certainly with the permission of general business person;User group It is with a kind of vertical both top-down property, and the range of role is then without dense vertical relation not as, but Property with obvious level and intersection;For example a role is now defined in systems: manager, this manager's packet The manager of each department is contained, and has been not merely purchasing manager either Sales Manager, it is evident that this ' manager ' role Obviously there is the permission of the manager of each department simultaneously, that is to say, that at this time if each department managers are only at ' manager ' Role then purchasing manager not only has the operating right of purchasing manager, while being also imparted with other each department manager Permission, this when, the permission of each line manager was consistent, but was bound to cause the congestion or confusion of permission in this way, First object mentioned just now at this time, i.e. user just use, and several line managers belong to ' manager ' role's situation It is lower to think that the permission between them is had any different again, each line manager (i.e. user) can individually be authorized, you can also roots certainly Incidence relation or exclusion relations between the user group being according to the user and role confirm the final permission of user.
S106: in response to the operation to authority configuration mark control, the permission is configured at angle in a manner of visual Color synchronizes to form the corresponding permissions data table of each user;
As shown in Figure 3 specifically, when distributing permission, there is user's (the generally system for opening visual edit permission Super keepe) log in into system, by click " opening authority configuration " control button, after opening edit pattern, it will From all roles and permissions base and related data is read from the background, into front end page, all " authority configuration marks " control is shown Part button, it can covering all at one glance views all roles whether there is or not menu on the page, button, page elements, data field power The case where limit, can carry out the operation that menu, button, page elements, data field and role assign permission in current page.In mouse When mark is moved to capability identification button, " authority configuration mark " control button will become a translucent mask layer, mask The region that current entitlement labeled button is controlled." authority configuration mark " control button is clicked, is responded to the labeled button The child control of dialog box main body and dialog box is popped up in operation;The dialog box child control is corresponding to show different role identifications, leads to The user group that unique identifier corresponding with permission control requests possessed permission to server end is crossed, is needed to configure by choosing The role of permission, after saving editor, the corresponding permissions data table of each user, completes user in synchronous vacations server end Permission visual configuration.
It should be noted that being by routing menu and the fixed affiliated user of HTML element setting in the prior art Group reaches the permission of control HTML element by user group belonging to dynamic configuration user.The program is unable to satisfy user Group needs to modify source code when needing to add user group with mobilism configuration while permission to realize, inflexible, The permission control of mini-system can only be satisfied with.The present embodiment is based on visual authority configuration, awards the rights management of system Power has greater flexibility and convenience.More accurately authority configuration can show different menus, operation to different personnel The permission of button, page elements, data field is configured, can be shown according to different personnel same data whole or Selected part field more refines permission control.
It should also be noted that, after possessing administrator role or operation maintenance personnel Role Users login system, into user Administration page has assigned the permission of " account status table data field " to administrator role and operation maintenance personnel role automatically, then may be used The account use state data can be checked in this data list.After there is no user's login system of permission, into user Administration page, page data will not show this column data of account state.In this way, it is all to have a clear understanding of administrator more The use state of user account, the imparting of more convenient permission.
S108: active user's log-on message is received into front end page and loads the corresponding permissions data of the active user The authority information configured in table renders front end page.
Specifically, the permission that ordinary user's login hair family owning user group possesses at present authority list and system is all Table carries out controlling whether that user is allowed to enter corresponding page in user's jump page by comparing the permission that user is possessed Face will not show access into the routing menu of this page, and in browser address bar when user's lack of competence enters this page Being manually entered corresponding routing address can not also access.
When entering this page, front end system judges whether to be able to enter corresponding road according to the various authority informations of user By, if show that corresponding control such as routes menu, operation button, page elements and data field etc.;Further, In Before rendering front end page, server according to the corresponding permissions data table of active user, to the data field sql inquiry request into Row pretreatment, returns to the corresponding permissions data field of user, rather than the permission that is possessed of traditional comparison user and carry out page The display of face and html element and hide, preferably ensure that the safety of data.
Embodiment 2
Difference from Example 1 is: being stored on the representation method of the permission using binary value.Into one Step defines the mark and explanatory note of N kind permission in data dictionary, and the N kind permission is sorted, the attribute value of i-th bit permission It is 2i;According to the permission chosen, to the Authorization Attributes value assignment of corresponding role, which is converted into binary form Up to formula;If the value of i-th bit is 1 in the expression formula, then it represents that the role has i-th bit permission.
Specifically, for example needing to configure N number of permission, the mark and explanatory note of N kind permission are defined in data dictionary, it will N kind permission sequence, and by each permission binary representation, for example, certain role possess the value of the first to n-th permission can It indicates are as follows: 20+21+22...2n, it is corresponding to be represented in binary as 111....1111 (n total), if without the n permission angle Color, which possesses the first to the (n-1)th permission, may be expressed as: 20+21+22...2n-1, inquire whether user has n authority method, It can be with the value (2 for the authority credentials and n permission that user possessesn) position and operation (&) are carried out, if returning to 1 indicates this permission, Otherwise it indicates without this permission.
When for newly-increased user right, with corresponding 2nValue deposit permission database.Such as it is managed in existing system Member role (admin) has obtained the authorization of all (n-1) kind permissions, and the value of permission can be identified as Padmin=20+21+ 22...2n-1, PadminIllustrate the permission situation that administrator role (admin) possesses, newly-increased N kind authority credentials is expressed as Vn =2n, the mark and explanatory note of N kind permission are defined in data dictionary, and the authority credentials of the role is stored in role's table. Then increasing its value of N kind permission newly to administrator role (admin) role may be expressed as:
Padmin=Padmin+Vn;
Deleting its value of administrator role (admin) role's N kind permission may be expressed as:
Padmin=Padmin-Vn;
Whether searching and managing person role (admin) role includes that newly-increased N kind permission formula expression formula may be expressed as:
Padmin&Vn
Indicate that administrator role (admin) role has the authorization of N kind permission if returning to 1;Otherwise without permission.
By PadminNumerical value be converted to binary expression mode: 1111...111111, from low level toward a high position on number, N Numerical value be 1 indicate that administrator role (admin) has the authorization of N kind permission, if without N or N numerical value Indicate administrator role (admin) role without the authorization of N kind permission for 0.Such permission storage mode, bit arithmetic efficiency Height has a clear superiority in the efficiency of newly-increased, deletion, search access right, if applying in large-scale application system, performance is substantially mentioned It rises.
Embodiment 3
As in Figure 3-5, on the basis of embodiment 1, the present embodiment further provides for a kind of authority configuration interface display Method, this method step include:
S202: active user's log-on message is received;
Specifically, user here refers to the user for possessing authority distribution permission, the generally super keepe of system.
S204: permission control is shown in software interface first area 1000;
As Fig. 5 shows all permission controls in software interface first area 1000 after the super keepe of system logs in Part, the permission control include third control and the 4th control;
Further, the first area 1000 of software interface includes third region and the fourth region, is shown in third region 3000 show third control;The third control includes routing menu, such as " system administration ", " user management " and " user group Management " etc.;
Respond the operational order to any one control in the third control;Specifically, super keepe passes through mouse Third control is clicked, then shows the 4th control in the 4th subregion 4000 of software interface.4th control include operation button, Page elements and data field, wherein operation button can be " what's new ", " deleting function ", " editting function ", " inquiry Function " etc.;
Page elements can be " address name querying condition ", " account status querying condition ", " login account inquiry item Part ", " gender querying condition ", " cell-phone number querying condition " etc..
Data field can be " list of names data field ", " account status table data field ", " login account list Data field ", " gender list's data field " and " cell-phone number table data field " etc..
S206: being configured at role for the permission control in a manner of visual, and the visual means include:
(1) the first control is shown in the permission control corresponding position of software interface;
Specifically, as shown in figure 3, the first control step of display includes:, in the display of software interface second area 2,000 second Control, in response to the operation to the second control, in permission control corresponding position the first control of show or hide of software interface.This In the first control color that can be expressed as " rectangular buttons ", and fill, can according to need and fill obvious color, such as Red, blue or green etc..Second control is configurable to " opening authority configuration ", clicks the second control soft by mouse Permission control corresponding position first control of show or hide at part interface, it should be understood by those skilled in the art that corresponding position here It can be in the permission control upper left corner, the upper right corner, the lower left corner and the lower right corner, it is not limited here;It should also be understood that here first The collocation form of control and the second control, shape or color can make variation according to actual needs, but be not used in limitation Protection scope of the present invention.
When administrator's mouse clicks " open authority configuration " button, i.e. the second control, after opening edit pattern, it will from rear Platform reads all roles and permissions base and related data, and all " authority configuration mark " controls are shown on the first interface 1000 Button, it can covering all at one glance views all roles whether there is or not menu, button, page elements, data field permissions on the page The case where, further the permissions control type ascribed role permissions such as menu, button, page elements, data field are carried out in current page Operation.
(2) child control of dialog box main body and dialog box is popped up in operation of the response to first control;
When in response to operation to the first control, the first control will become a translucent mask layer, masks and works as The display area that preceding first control is controlled.Specifically, matching such as Fig. 3 for " user management " permission in routing menu When setting, administrator clicks the operation of the first control by mouse, and the first control will become a translucent mask layer, mask The display area that current entitlement control is controlled can allow the personnel of authority configuration to be apparent from, and permission control controls herein Indication range and display data, make configuration more clear intuitive;And the child control of dialog box main body and dialog box is popped up, institute The different role identification of the corresponding display of dialog box child control is stated, role identification here can be, business personnel role, O&M people Member role, ordinary user human roles and administrator role etc..
(3) permission is configured by choosing different role mark;
Specifically, administrator, which chooses different role by mouse, identifies corresponding child control, and click dialog box main body ACK button, after saving editor, the corresponding permissions data table of each role, completes role's in synchronous vacations server end The visual configuration of permission.
Embodiment 4
The present embodiment provides a kind of terminal, including processor, input equipment, output equipment and memory, the processor, Input equipment, output equipment and memory are sequentially connected, and the memory is for storing computer program, the computer program Including program instruction, the processor is configured for calling described program instruction, executes method described in embodiment 3.
Embodiment 5
A kind of computer readable storage medium is present embodiments provided, the computer storage medium is stored with computer journey Sequence, the computer program include program instruction, and described program instruction makes the processor execute reality when being executed by a processor Apply method described in example 3.
Specifically, the computer readable storage medium can be the storage inside list of terminal described in previous embodiment Member, such as the hard disk or memory of terminal.The computer readable storage medium is also possible to the External memory equipment of the terminal, Such as the plug-in type hard disk being equipped in the terminal, intelligent memory card (Smart Media Card, SMC), secure digital (Secure Digital, SD) card, flash card (Flash Card) etc..Further, the computer readable storage medium is also Can both including the terminal internal storage unit and also including External memory equipment.The computer readable storage medium is used for Other programs and data needed for storing the computer program and the terminal.The computer readable storage medium may be used also For temporarily storing the data that has exported or will export.
Those of ordinary skill in the art may be aware that list described in conjunction with the examples disclosed in the embodiments of the present disclosure Member and algorithm steps, can be realized with electronic hardware, computer software, or a combination of the two, in order to clearly demonstrate hardware With the interchangeability of software, each exemplary composition and step are generally described according to function in the above description.This A little functions are implemented in hardware or software actually, the specific application and design constraint depending on technical solution.Specially Industry technical staff can use different methods to achieve the described function each specific application, but this realization is not It is considered as beyond the scope of this invention.
It is apparent to those skilled in the art that for convenience of description and succinctly, the end of foregoing description The specific work process at end and unit, can refer to corresponding processes in the foregoing method embodiment, details are not described herein.
In several embodiments provided herein, it should be understood that disclosed terminal and method, it can be by other Mode realize.For example, the apparatus embodiments described above are merely exemplary, for example, the division of the unit, only For a kind of logical function partition, there may be another division manner in actual implementation, such as multiple units or components can combine Or it is desirably integrated into another system, or some features can be ignored or not executed.In addition, shown or discussed is mutual Between coupling, direct-coupling or communication connection can be through some interfaces, the INDIRECT COUPLING or communication link of device or unit It connects, is also possible to electricity, mechanical or other form connections.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple In network unit.Some or all of unit therein can be selected to realize the embodiment of the present invention according to the actual needs Purpose.
It, can also be in addition, the functional units in various embodiments of the present invention may be integrated into one processing unit It is that each unit physically exists alone, is also possible to two or more units and is integrated in one unit.It is above-mentioned integrated Unit both can take the form of hardware realization, can also realize in the form of software functional units.
If the integrated unit is realized in the form of SFU software functional unit and sells or use as independent product When, it can store in a computer readable storage medium.Based on this understanding, technical solution of the present invention is substantially The all or part of the part that contributes to existing technology or the technical solution can be in the form of software products in other words It embodies, which is stored in a storage medium, including some instructions are used so that a computer Equipment (can be personal computer, server or the network equipment etc.) executes the complete of each embodiment the method for the present invention Portion or part steps.And storage medium above-mentioned includes: USB flash disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic or disk etc. are various can store journey The medium of sequence code.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention., rather than its limitations;To the greatest extent Pipe present invention has been described in detail with reference to the aforementioned embodiments, those skilled in the art should understand that: its according to So be possible to modify the technical solutions described in the foregoing embodiments, or to some or all of the technical features into Row equivalent replacement;And these are modified or replaceed, various embodiments of the present invention technology that it does not separate the essence of the corresponding technical solution The range of scheme should all cover within the scope of the claims and the description of the invention.
Embodiment 6
As shown in fig. 6, the present embodiment provides a kind of authority configuration interface display apparatus, comprising:
First receiving unit 50, it is on server and corresponding with the personal information that active user logs in for receiving Data;
First display unit 60, for showing permission control in software interface first area according to the data;
Permission visual configuration module 70, for the permission control to be configured at role in a manner of visual.
Specifically, the authority configuration unit 70 includes the second display unit 710, for the permission control in software interface Corresponding position shows the first control;
Second receiving unit 720 pops up dialog box main body and dialog box for receiving the operation to first control Child control;
Dialog box unit 730, for showing that the dialog box child control corresponds to different role identifications, by choosing difference Role identification configures the permission.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention., rather than its limitations;To the greatest extent Pipe present invention has been described in detail with reference to the aforementioned embodiments, those skilled in the art should understand that: its according to So be possible to modify the technical solutions described in the foregoing embodiments, or to some or all of the technical features into Row equivalent replacement;And these are modified or replaceed, various embodiments of the present invention technology that it does not separate the essence of the corresponding technical solution The range of scheme should all cover within the scope of the claims and the description of the invention.

Claims (10)

1. a kind of authority configuration interface display method characterized by comprising
Receive active user's log-on message;
Permission control is shown in software interface first area;
The permission control is configured at role in a manner of visual.
2. authority configuration interface display method according to claim 1, which is characterized in that described to be incited somebody to action in a manner of visual The permission control is configured at role, comprising:
The first control is shown in the permission control corresponding position of software interface;
The operation to first control is responded, the child control of dialog box main body and dialog box, the dialog box child control are popped up It is corresponding to show different role identifications;
The permission is configured by choosing different role mark.
3. authority configuration interface display method according to claim 2, which is characterized in that the permission in software interface Control corresponding position shows the first control step further include:
The second control is shown in software interface second area;
In response to the operation to the second control, in permission control corresponding position the first control of show or hide of software interface.
4. authority configuration interface display method according to claim 2, which is characterized in that described in response to the first control Operation when, the first control generate a translucent mask layer, mask the display area that current first control is controlled.
5. authority configuration interface display method according to claim 1 or 2, which is characterized in that the permission control includes Third control and the 4th control, the first area include third region and the fourth region;
Third control is shown in third region;
Respond the operational order to any one control in the third control;
The 4th control is shown in the 4th subregion of software interface.
6. authority configuration interface display method according to claim 5, which is characterized in that the third control includes routing Menu;4th control includes the one or more of operation button, page elements and data field.
7. a kind of authority configuration interface display apparatus characterized by comprising
First receiving unit, for receiving active user's log-on message;
First display unit, for showing permission control in software interface first area according to the data;
Authority configuration unit, for the permission control to be configured at role in a manner of visual.
8. authority configuration interface display apparatus according to claim 7, which is characterized in that the authority configuration unit packet It includes:
Second display unit shows the first control for the permission control corresponding position in software interface;
Second receiving unit pops up the child control of dialog box main body and dialog box for receiving the operation to first control;
Dialog box unit, for showing that the dialog box child control corresponds to different role identifications, by choosing different role mark Know and configures the permission.
9. a kind of terminal, including processor, input equipment, output equipment and memory, the processor, input equipment, output Equipment and memory are sequentially connected, and for the memory for storing computer program, the computer program includes program instruction, The processor is configured for calling described program instruction, executes as the method according to claim 1 to 6.
10. a kind of storage medium, which is characterized in that the storage medium is stored with computer program, the computer program packet Program instruction is included, described program instruction executes the processor such as any one of claim 1-6 institute The method stated.
CN201910660702.5A 2019-07-22 2019-07-22 Permission configuration interface display method, device, terminal and storage medium Active CN110457891B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910660702.5A CN110457891B (en) 2019-07-22 2019-07-22 Permission configuration interface display method, device, terminal and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910660702.5A CN110457891B (en) 2019-07-22 2019-07-22 Permission configuration interface display method, device, terminal and storage medium

Publications (2)

Publication Number Publication Date
CN110457891A true CN110457891A (en) 2019-11-15
CN110457891B CN110457891B (en) 2022-02-18

Family

ID=68481617

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910660702.5A Active CN110457891B (en) 2019-07-22 2019-07-22 Permission configuration interface display method, device, terminal and storage medium

Country Status (1)

Country Link
CN (1) CN110457891B (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110941839A (en) * 2019-11-18 2020-03-31 中国经济信息社有限公司 User authority management method and system, equipment and storage medium
CN110955872A (en) * 2019-12-12 2020-04-03 北京金山云科技有限公司 Authority control method, device, terminal and medium
CN111679870A (en) * 2020-06-12 2020-09-18 中国银行股份有限公司 Menu generation method and device, electronic equipment and computer storage medium
CN111783050A (en) * 2020-07-02 2020-10-16 浪潮云信息技术股份公司 Role and authority control system of website user
CN113114693A (en) * 2021-04-16 2021-07-13 北京天空卫士网络安全技术有限公司 Account state display method and device
CN113312121A (en) * 2020-02-26 2021-08-27 京东数字科技控股有限公司 Interface matching method, device and system, storage medium and electronic device
CN113360813A (en) * 2020-03-02 2021-09-07 深圳中广核工程设计有限公司 Data interaction method, device, equipment and storage medium of nuclear power design and production management platform
CN114172727A (en) * 2021-12-07 2022-03-11 中国建设银行股份有限公司 Information processing method, information processing apparatus, electronic device, and storage medium
CN114928537A (en) * 2022-05-17 2022-08-19 中国联合网络通信集团有限公司 Network equipment configuration method, device and storage medium
CN115248933A (en) * 2021-04-26 2022-10-28 北京字跳网络技术有限公司 Authority setting method, device, equipment and medium
CN114172727B (en) * 2021-12-07 2024-04-26 中国建设银行股份有限公司 Information processing method, information processing apparatus, electronic device, and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102930226A (en) * 2012-10-25 2013-02-13 无锡中科泛在信息技术研发中心有限公司 Method for controlling use permission of fine-grained client
CN103971036A (en) * 2013-01-28 2014-08-06 鸿富锦精密工业(深圳)有限公司 Page field access control system and method
CN105825146A (en) * 2016-03-18 2016-08-03 浪潮通用软件有限公司 Design and implementation for rapidly distributing data authorities under RBAC (Role Based Access Control) model
CN106471517A (en) * 2014-06-20 2017-03-01 微软技术许可有限责任公司 The visualization different because of user to display elements

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102930226A (en) * 2012-10-25 2013-02-13 无锡中科泛在信息技术研发中心有限公司 Method for controlling use permission of fine-grained client
CN103971036A (en) * 2013-01-28 2014-08-06 鸿富锦精密工业(深圳)有限公司 Page field access control system and method
CN106471517A (en) * 2014-06-20 2017-03-01 微软技术许可有限责任公司 The visualization different because of user to display elements
CN105825146A (en) * 2016-03-18 2016-08-03 浪潮通用软件有限公司 Design and implementation for rapidly distributing data authorities under RBAC (Role Based Access Control) model

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
起个名字真XX费劲: ""RBAC用户、角色、权限、组设计方案"", 《HTTPS://BLOG.CSDN.NET/LJW499356212/ARTICLE/DETAILS/81055141/》 *

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110941839B (en) * 2019-11-18 2022-10-14 中国经济信息社有限公司 User authority management method and system, equipment and storage medium
CN110941839A (en) * 2019-11-18 2020-03-31 中国经济信息社有限公司 User authority management method and system, equipment and storage medium
CN110955872A (en) * 2019-12-12 2020-04-03 北京金山云科技有限公司 Authority control method, device, terminal and medium
CN113312121A (en) * 2020-02-26 2021-08-27 京东数字科技控股有限公司 Interface matching method, device and system, storage medium and electronic device
CN113360813A (en) * 2020-03-02 2021-09-07 深圳中广核工程设计有限公司 Data interaction method, device, equipment and storage medium of nuclear power design and production management platform
CN111679870A (en) * 2020-06-12 2020-09-18 中国银行股份有限公司 Menu generation method and device, electronic equipment and computer storage medium
CN111783050A (en) * 2020-07-02 2020-10-16 浪潮云信息技术股份公司 Role and authority control system of website user
CN113114693A (en) * 2021-04-16 2021-07-13 北京天空卫士网络安全技术有限公司 Account state display method and device
CN115248933A (en) * 2021-04-26 2022-10-28 北京字跳网络技术有限公司 Authority setting method, device, equipment and medium
CN114172727A (en) * 2021-12-07 2022-03-11 中国建设银行股份有限公司 Information processing method, information processing apparatus, electronic device, and storage medium
CN114172727B (en) * 2021-12-07 2024-04-26 中国建设银行股份有限公司 Information processing method, information processing apparatus, electronic device, and storage medium
CN114928537A (en) * 2022-05-17 2022-08-19 中国联合网络通信集团有限公司 Network equipment configuration method, device and storage medium
CN114928537B (en) * 2022-05-17 2023-06-13 中国联合网络通信集团有限公司 Network equipment configuration method, device and storage medium

Also Published As

Publication number Publication date
CN110457891B (en) 2022-02-18

Similar Documents

Publication Publication Date Title
CN110443010A (en) One kind permission visual configuration control method, device, terminal and storage medium in information system
CN110457891A (en) A kind of authority configuration interface display method, device, terminal and storage medium
CN109688120B (en) Dynamic authority management system based on improved RBAC model and Spring Security framework
CN103425778B (en) A kind of intelligent development platform of database application system
US9087296B2 (en) Navigable semantic network that processes a specification to and uses a set of declaritive statements to produce a semantic network model
EP2116954A1 (en) Apparatus and method for accessing data in a multi-tenant database according to a trust hierarchy
CN106843835A (en) A kind of application systems software constructing system of meta data customizing, system constituting method
EP2626820A2 (en) Role-based content rendering
CN110807015A (en) Big data asset value delivery management method and system
CN101923549A (en) User-defined visual intelligent track clue analytical system and establishing method
CN110069246A (en) The plateform system and its application that a kind of Java Web application is quickly developed
WO2022052682A1 (en) Medical system and permission management method therefor
KR101275871B1 (en) System and method for producing homepage in SaaS ENVIRONMENT, A computer-readable storage medium therefor
CN101373527A (en) Human authority control method engaged with system
CN112182622A (en) Authority management system design method based on resource control
CN105930330A (en) Portal system page display method and apparatus
CN100465882C (en) Method and system of establishing culture sensitive control element for global application
CN106790060A (en) The right management method and device of a kind of role-base access control
CN113031936A (en) Method and system for automatically setting up page and immediately releasing page
CN106599216A (en) Computer based training courseware publishing system
US10303668B2 (en) Automatic screen generation device, automatic screen generation program, and automatic screen generation method
CN201111137Y (en) Post authoring apparatus
US10740483B2 (en) Unified instance authorization based on attributes and hierarchy assignment
JP2002245160A (en) Storage medium storing program for making computer perform processing controlling output layout in business management system and output layout controller
US20210304144A1 (en) Information processing device and non-transitory computer readable medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant