CN111027091B - Method, device, medium and electronic equipment for managing authority

Info

Publication number: CN111027091B
Authority: CN (China)
Prior art keywords: department, information, node, nodes, personnel
Legal status: Active
Application number: CN201911107587.5A
Other languages: Chinese (zh)
Other versions: CN111027091A (en)
Inventor: 罗振兴
Current Assignee: Douyin Vision Co Ltd; Douyin Vision Beijing Co Ltd
Original Assignee: Beijing ByteDance Network Technology Co Ltd
Application filed by Beijing ByteDance Network Technology Co Ltd
Priority to CN201911107587.5A
Publication of CN111027091A
Application granted
Publication of CN111027091B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management

Abstract

The present disclosure provides a method, apparatus, medium, and electronic device for managing rights. The method comprises the following steps: acquiring an organization hierarchy tree; calculating first path distances from a first department node to other department nodes in the organization hierarchy tree; and acquiring, based on a preset authority rule, an open distance parameter, the first path distances and the organization hierarchy tree, first open department information for preset personnel information and first open personnel information corresponding to the first open department information. The method and the system provide security protection for sensitive information such as enterprise personnel information and organizational structure. Through automatic processing, manual intervention on personnel information and department information is reduced, management efficiency is improved, and the risk of misoperation and malicious operation is reduced.

Description

Method, device, medium and electronic equipment for managing authority
Technical Field
The present disclosure relates to the field of computer management, and in particular, to a method, an apparatus, a medium, and an electronic device for managing permissions.
Background
Currently, the internet has become a true information highway. Instant messaging (IM) is the most popular communication method on the internet at present, and is a terminal service that allows two or more people to use the internet to exchange text messages, files, voice and video in real time. By purpose of use, instant messaging is divided into Enterprise Instant Messaging (EIM for short) and website instant messaging; by the device it runs on, it is divided into mobile phone instant messaging and PC instant messaging, wherein mobile phone instant messaging is represented by short messages, websites and video instant messaging.
EIM is a tool service for network marketing, network communication and content management for enterprise end users. The user must provide real identity information, and the data and documents transmitted by the system usually relate to the business of the enterprise and may even be confidential, so protecting personal privacy and the security of company business information is the key point of EIM. Therefore, EIM is usually deployed on a server of the enterprise, and employees log in to the server to communicate about work within a specific range, which facilitates security management and control, guarantees data security, and prevents loss or leakage of important data.
An enterprise with strict requirements for information security management usually manages information in a hierarchical manner, for example by performing rights management per department. However, there are two problems with this approach:
1. Cross-department communication often exists in the course of enterprise operation, particularly between same-level departments under the same parent department;
2. The staff of a lower-level department can only communicate with a few people in their own department, so the enterprise address book loses its purpose.
Disclosure of Invention
This summary is provided to introduce a selection of concepts in a simplified form that are further described below in the detailed description. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.
An object of the present disclosure is to provide a method, an apparatus, a medium, and an electronic device for managing rights, which can solve at least one of the above-mentioned technical problems. The specific scheme is as follows:
According to a specific embodiment of the present disclosure, in a first aspect, the present disclosure provides a method for managing permissions, including:
acquiring an organization hierarchy tree, wherein the organization hierarchy tree comprises department nodes and personnel nodes; a department node is a parent node in the organization hierarchy tree and comprises department information; a personnel node is a leaf node in the organization hierarchy tree and comprises personnel information belonging to the department information corresponding to the parent node of that personnel node;
calculating first path distances from a first department node to other department nodes in the organization hierarchy tree, wherein the first department node is the parent node of the personnel node corresponding to preset personnel information;
acquiring, based on a preset authority rule, an open distance parameter, the first path distances and the organization hierarchy tree, first open department information for the preset personnel information and first open personnel information corresponding to the first open department information, wherein the open distance parameter is an integer and is used for controlling the range of the open department information and the open personnel information.
According to a second aspect, the present disclosure provides an apparatus for managing rights, including:
an organization hierarchy tree acquiring unit, configured to acquire an organization hierarchy tree, wherein the organization hierarchy tree comprises department nodes and personnel nodes; a department node is a parent node in the organization hierarchy tree and comprises department information; a personnel node is a leaf node in the organization hierarchy tree and comprises personnel information belonging to the department information corresponding to the parent node of that personnel node;
a path distance calculating unit, configured to calculate first path distances from a first department node to other department nodes in the organization hierarchy tree, wherein the first department node is the parent node of the personnel node corresponding to preset personnel information;
a first open information obtaining unit, configured to obtain, based on a preset authority rule, an open distance parameter, the first path distances and the organization hierarchy tree, first open department information for the preset personnel information and first open personnel information corresponding to the first open department information, wherein the open distance parameter is an integer and is used for controlling the range of the open department information and the open personnel information.
According to a third aspect, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a method of managing rights according to any of the first aspects.
According to a fourth aspect thereof, the present disclosure provides an electronic device, comprising: one or more processors; storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement a method of managing rights as claimed in any of the first aspects.
Compared with the prior art, the scheme of the embodiments of the disclosure has at least the following beneficial effects:
The present disclosure provides a method, apparatus, medium, and electronic device for managing rights. The method comprises the following steps: acquiring an organization hierarchy tree, wherein the organization hierarchy tree comprises department nodes and personnel nodes; a department node is a parent node in the organization hierarchy tree and comprises department information; a personnel node is a leaf node in the organization hierarchy tree and comprises personnel information belonging to the department information corresponding to the parent node of that personnel node; calculating first path distances from a first department node to other department nodes in the organization hierarchy tree, wherein the first department node is the parent node of the personnel node corresponding to preset personnel information; and acquiring, based on a preset authority rule, an open distance parameter, the first path distances and the organization hierarchy tree, first open department information for the preset personnel information and first open personnel information corresponding to the first open department information, wherein the open distance parameter is an integer and is used for controlling the range of the open department information and the open personnel information.
The method and the system realize the safety protection of sensitive information such as enterprise personnel information and organizational structure. Through automatic processing, manual intervention on personnel information and department information is reduced, management efficiency is improved, and the risk problems of misoperation and malicious operation are reduced.
Drawings
The above and other features, advantages and aspects of various embodiments of the present disclosure will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. Throughout the drawings, the same or similar reference numbers refer to the same or similar elements. It should be understood that the drawings are schematic and that elements and features are not necessarily drawn to scale. In the drawings:
FIG. 1 shows a flow diagram of a method of managing rights in accordance with an embodiment of the present disclosure;
FIG. 2 illustrates an organizational hierarchy tree of a method of managing permissions according to an embodiment of the disclosure;
FIG. 3 illustrates an open structure tree of a method of managing permissions according to an embodiment of the present disclosure;
FIG. 4 illustrates a block diagram of elements of an apparatus for managing permissions, according to an embodiment of the present disclosure;
FIG. 5 shows a schematic diagram of an electronic device connection structure according to an embodiment of the present disclosure.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure are shown in the drawings, it is to be understood that the present disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, but rather are provided for a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the disclosure are for illustration purposes only and are not intended to limit the scope of the disclosure.
It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order, and/or performed in parallel. Moreover, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the present disclosure is not limited in this respect.
The term "include" and variations thereof as used herein are open-ended, i.e., "including but not limited to". The term "based on" is "based, at least in part, on". The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments". Relevant definitions for other terms will be given in the following description.
It should be noted that the terms "first", "second", and the like in the present disclosure are only used for distinguishing different devices, modules or units, and are not used for limiting the order or interdependence relationship of the functions performed by the devices, modules or units.
It is noted that the modifiers "a", "an", and "the" in this disclosure are intended to be illustrative rather than limiting, and those skilled in the art will recognize that they are to be understood as "one or more" unless the context clearly dictates otherwise.
The names of messages or information exchanged between devices in the embodiments of the present disclosure are for illustrative purposes only, and are not intended to limit the scope of the messages or information.
Alternative embodiments of the present disclosure are described in detail below with reference to the accompanying drawings.
The present disclosure provides a first embodiment, namely an embodiment of a method for managing permissions.
The embodiments of the present disclosure are described in detail below with reference to FIG. 1, FIG. 2 and FIG. 3, wherein FIG. 1 is a flowchart of a method for managing permissions provided by the embodiments of the present disclosure; FIG. 2 illustrates an organization hierarchy tree of a method of managing permissions according to an embodiment of the disclosure; FIG. 3 illustrates an open structure tree of a method of managing permissions according to an embodiment of the present disclosure.
Referring to fig. 1, in step S101, an organization hierarchy tree is obtained.
A tree is an important non-linear data structure, which, intuitively, is a structure in which data elements (called nodes in the tree) are organized in a branching relationship. Each node in the tree has zero or more child nodes. If a node has a superordinate node, the superordinate node is called a parent node. A node without a parent is called a root node, which is a special parent. Each non-root node has one and only one parent node. Nodes in a tree that do not have child nodes are called leaf nodes.
The organization hierarchy tree is a tree established according to the organizational relations in an enterprise. The organizational relations comprise relations among departments and relations between persons and departments.
The organization hierarchy tree includes department nodes and personnel nodes.
A department node is a parent node in the organization hierarchy tree and includes a piece of department information. That is, all parent nodes with child nodes in the organization hierarchy tree are department nodes, including the root node.
A personnel node is a leaf node in the organization hierarchy tree and comprises personnel information belonging to the department information corresponding to the parent node of that personnel node. That is, all leaf nodes in the organization hierarchy tree are personnel nodes.
Personnel information belonging to a piece of department information means the personnel under that department.
For example, as shown in FIG. 2, the nodes a (the root node), a1, a11, a12, a122, a4, a42, a422 and a4222 are all parent nodes, that is, department nodes; the nodes a2, a3, a111, a121, a1221, a1222, a41, a43, a421, a4221, a42221 and a42222 are all leaf nodes, that is, personnel nodes.
Step S102, calculating first path distances from a first department node to other department nodes in the organization hierarchy tree.
The first department node is the parent node of the personnel node corresponding to the preset personnel information.
The preset personnel information is personnel information that is preset in order to implement authority management for a person in the embodiment of the present disclosure. The method of the embodiment of the disclosure acquires the open information for the preset personnel information.
For example, continuing the above example, if the personnel node corresponding to the preset personnel information is a4221, the parent node of the personnel node a4221 is the department node a422, and the first department node is the department node a422.
Optionally, the other department nodes include each main department node from the parent node of the first department node to the root node in the organization hierarchy tree, and the peer adjacent department nodes of each main department node.
A main department node and its peer adjacent department node are peer department nodes.
The preset personnel information belongs to the department corresponding to the main department node, namely the preset personnel is managed by the department corresponding to the main department node.
For example, continuing the above example, if the parent of the first department node a422 is department node a42 and the root node is department node a, then the main department nodes from the parent of the first department node to the root node include: department node a42 (corresponding department information: Sales Department Two), department node a4 (corresponding department information: Xinhua division company) and department node a (corresponding department information: Shijiazhuang division company); the department node a4 has a peer adjacent department node a1 (corresponding department information: Bridge West division company), and the department node a4 and the department node a1 are peer department nodes; the preset personnel information is Xiaoming, Xiaoming is an employee of Sales Department Two, Sales Department Two is managed by the Xinhua division company, and the Xinhua division company is managed by the Shijiazhuang division company.
Optionally, the first path distance is the number of edges from the first department node to the other department node in the organization hierarchy tree.
An edge in the tree is the connection between two nodes. The number of edges is the number of edges traversed from the start node to the end node.
For example, continuing with the above example, the first path distance from the first department node a422 to department node a42 is 1, the first path distance from the first department node a422 to department node a4 is 2, the first path distance from the first department node a422 to department node a is 3, and the first path distance from the first department node a422 to department node a1 is 3.
Step S103, acquiring, based on a preset authority rule, an open distance parameter, the first path distances and the organization hierarchy tree, first open department information for the preset personnel information and first open personnel information corresponding to the first open department information.
The open distance parameter is an integer and is used for controlling the range of the open department information and the open personnel information. The larger the open distance parameter, the more department information and personnel information are opened. The open distance parameter does not need to be adjusted even if the department information and/or the personnel information changes.
The first open department information includes: first sub-open department information, second sub-open department information, and third sub-open department information; the first open personnel information includes: first sub-open personnel information, second sub-open personnel information, and third sub-open personnel information.
The preset authority rules comprise the following rules:
Rule 1: based on the organization hierarchy tree, acquiring first sub-open department information corresponding to the first department node and its subordinate department nodes, and first sub-open personnel information corresponding to the personnel nodes of the first department node and its subordinate department nodes.
For example, continuing the above example, the subordinate department node of the first department node a422 is a4222; the personnel node of the first department node a422 is a4221, and the personnel nodes of the subordinate department node a4222 are a42221 and a42222.
Rule 2: based on the organization hierarchy tree, acquiring second sub-open department information corresponding to each main department node from the parent node of the first department node to the root node, and second sub-open personnel information corresponding to the personnel nodes of each main department node.
For example, continuing the above example, the main department nodes from the parent node a42 of the first department node a422 to the root node a include: department node a42, department node a4, and department node a; the personnel node of department node a42 is a421, the personnel nodes of department node a4 are a41 and a43, and the personnel nodes of department node a are a2 and a3.
Rule 3: when the open distance parameter is a positive integer and the minimum path distance value is greater than 1, acquiring, based on the organization hierarchy tree, third sub-open department information corresponding to a second department node and third sub-open personnel information corresponding to the personnel nodes of the second department node.
Here the minimum path distance value is the minimum value of the path distance threshold range corresponding to the open distance parameter; the second department node is a department node, among the other department nodes, whose first path distance is less than or equal to the minimum path distance value; when the number of peer department nodes is greater than 1, the path distance threshold range is greater than or equal to the minimum first path distance of the peer department nodes and less than the maximum first path distance of the peer department nodes; when the number of peer department nodes is equal to 1, the path distance threshold range is greater than or equal to the minimum first path distance of the peer department nodes and less than that minimum first path distance plus 1.
For example, continuing the above example, the open distance parameter is 2; department node a4 and department node a1 are peer department nodes, so the number of peer department nodes is greater than 1; the first path distance of department node a4 is 2 and the first path distance of department node a1 is 3, so the path distance threshold range is greater than or equal to 2 and less than 3; if the open distance parameter corresponds to this path distance threshold range, the minimum path distance value is 2; the second department node is any of the other department nodes whose first path distance is less than or equal to 2.
When the open distance parameter is greater than zero and the minimum path distance value is equal to 1, Rule 3 is invalid, and only the information of Rule 1 and Rule 2 can be opened for the preset personnel information.
The embodiment of the disclosure does not control the openness of the organizational structure information simply by configuring nodes of the organization hierarchy tree; it controls openness through department nodes and path distances. The corresponding information is visible whether flat management or vertical management is used, which achieves flexible application.
Optionally, the personnel information includes department responsible person information or department member information.
The first open personnel information includes: department responsible person information and department member information corresponding to the personnel nodes of the first department node and its subordinate department nodes, and department responsible person information corresponding to the personnel nodes of the other department nodes.
Optionally, when the open distance parameter is equal to zero, the first open personnel information includes: department responsible person information and department member information corresponding to the personnel nodes of the first department node and its subordinate department nodes, and department responsible person information corresponding to the personnel nodes of the other department nodes.
Cross-department communication is often communication with the responsible person of a department. Therefore, the department architecture and the personnel are separated: a person can see only the organizational architecture of the upper-level department and the information of its responsible person, but cannot directly see the other employees of the upper-level department, whereas superior personnel can see all the employee information and the responsible person information of the subordinate departments. This facilitates information exchange while improving the security of the enterprise organization architecture information.
Optionally, the method further includes:
Step S104, acquiring, based on the organization hierarchy tree, a second open department node corresponding to preset open department information.
The preset open department information is open department information set for the preset personnel information.
Step S105, acquiring, based on the organization hierarchy tree, second open department information corresponding to the second open department node and its subordinate department nodes, and second open personnel information corresponding to the personnel nodes of the second open department node and its subordinate department nodes.
Step S106, acquiring, based on the organization hierarchy tree, a first shielding department node corresponding to preset shielding department information.
The preset shielding department information is shielding department information set for the preset personnel information.
Step S107, acquiring, based on the organization hierarchy tree, first shielding department information corresponding to the first shielding department node and its subordinate department nodes, and first shielding personnel information corresponding to the personnel nodes of the first shielding department node and its subordinate department nodes.
Step S108, acquiring open department union information based on the first open department information and the second open department information.
Step S109, deleting the first shielding department information from the open department union information to obtain third open department information.
Step S110, acquiring open personnel union information based on the first open personnel information and the second open personnel information.
Step S111, deleting the first shielding personnel information from the open personnel union information to obtain third open personnel information.
The embodiment of the disclosure satisfies various requirements for security protection of organization architecture information by automatically opening and customizing the organization architecture information.
Optionally, the method further includes:
Step S112, generating an open structure tree for the preset personnel information based on the third open department information and the third open personnel information.
The open structure tree comprises third department nodes and third personnel nodes; a third department node is a parent node in the open structure tree and comprises third open department information; a third personnel node is a leaf node in the open structure tree and comprises third open personnel information belonging to the third open department information corresponding to its parent node.
For example, continuing the above example, the open distance parameter is 2, the preset open department information is the department information corresponding to the department node a12, the second open department node is the department node a12, the second open department information includes the department information corresponding to the department node a122, and the second open personnel information includes the personnel information corresponding to the personnel node a121, the personnel node a1221, and the personnel node a1222; the open structure tree is shown in FIG. 3.
The embodiment of the disclosure realizes the security protection of sensitive information such as enterprise personnel information and organizational structure. Through automatic processing, manual intervention on personnel information and department information is reduced, management efficiency is improved, and the risk problems of misoperation and malicious operation are reduced.
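The visibility computation of steps S101 to S111, as an added Python example that is not code from the patent: it applies Rule 1, Rule 2 and the custom open/shield set operations to the nodes named for FIG. 2, and leaves out Rule 3 and the department responsible person distinction. The parent links in `PARENT` are an assumption inferred from the node names and the worked examples above, since the figure itself is not reproduced here; all function names are hypothetical.

```python
"""Added example: open/shield visibility over an organization hierarchy tree."""

# Constructed data: child -> parent links for the nodes named for FIG. 2.
# Assumption: the links are inferred from the node names and the text's examples.
PARENT = {
    "a1": "a", "a2": "a", "a3": "a", "a4": "a",
    "a11": "a1", "a12": "a1", "a111": "a11",
    "a121": "a12", "a122": "a12", "a1221": "a122", "a1222": "a122",
    "a41": "a4", "a42": "a4", "a43": "a4",
    "a421": "a42", "a422": "a42",
    "a4221": "a422", "a4222": "a422",
    "a42221": "a4222", "a42222": "a4222",
}

CHILDREN = {}
for _child, _parent in PARENT.items():
    CHILDREN.setdefault(_parent, []).append(_child)


def is_department(node):
    # Department nodes are parent nodes and personnel nodes are leaves, so a
    # department with no children cannot be told apart from a person here.
    return node in CHILDREN


def _require_department(node):
    if not is_department(node):
        raise ValueError(f"{node!r} is not a department node")


def subtree(dept):
    """Return (departments, people) for dept and all its subordinate nodes."""
    _require_department(dept)
    depts, people = set(), set()
    stack = [dept]
    while stack:
        node = stack.pop()
        if is_department(node):
            depts.add(node)
            stack.extend(CHILDREN[node])
        else:
            people.add(node)
    return depts, people


def main_departments(first_dept):
    """Map each ancestor of first_dept (up to the root) to its edge count."""
    _require_department(first_dept)
    distances, node, dist = {}, first_dept, 0
    while node in PARENT:
        node = PARENT[node]
        dist += 1
        distances[node] = dist
    return distances


def direct_staff(dept):
    """Personnel nodes attached directly to dept."""
    return {c for c in CHILDREN[dept] if not is_department(c)}


def visible(person, custom_open=(), shielded=()):
    """Return (departments, people) opened to person.

    Rule 1 and Rule 2 give the automatic set, custom_open adds whole
    subtrees (S104-S105, S108, S110), and shielded subtrees are removed
    last (S106-S107, S109, S111), so a shield always wins over an open.
    """
    if person not in PARENT or is_department(person):
        raise ValueError(f"{person!r} is not a personnel node")
    first_dept = PARENT[person]

    depts, people = subtree(first_dept)            # Rule 1
    for dept in main_departments(first_dept):      # Rule 2
        depts.add(dept)
        people |= direct_staff(dept)

    for dept in custom_open:                       # union with custom opens
        d, p = subtree(dept)
        depts |= d
        people |= p

    for dept in shielded:                          # subtract shields last
        d, p = subtree(dept)
        depts -= d
        people -= p
    return depts, people


if __name__ == "__main__":
    d, p = visible("a4221", custom_open=["a12"])
    print(sorted(d))
    print(sorted(p))
```

Because the shield is subtracted last, shielding a department that contains the person's own department (for example `a42` for person `a4221`) also removes that person's own department and colleagues, so shield lists are worth reviewing for that case.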
Corresponding to the first embodiment provided by the present disclosure, the present disclosure also provides a second embodiment, namely an apparatus for managing rights. Since the second embodiment is basically similar to the first embodiment, it is described only briefly; for the relevant portions, refer to the corresponding description of the first embodiment. The apparatus embodiments described below are merely illustrative.
Fig. 4 illustrates an embodiment of an apparatus for managing rights provided by the present disclosure; it is a block diagram of the units of the apparatus.
Referring to fig. 4, the present disclosure provides an apparatus for managing rights, including: an organization hierarchy tree acquiring unit 401, a path distance calculating unit 402, and a first open information obtaining unit 403.
The organization hierarchy tree acquiring unit 401 is configured to acquire an organization hierarchy tree; wherein the organization hierarchy tree comprises department nodes and personnel nodes; the department node is a father node in the organization hierarchy tree and comprises department information; the personnel nodes are leaf nodes in the organization hierarchy tree and comprise personnel information belonging to the department information corresponding to the parent node of the personnel nodes;
the path distance calculating unit 402 is configured to calculate first path distances from a first department node to other department nodes in the organization hierarchy tree; the first department node is the father node of the personnel node corresponding to the preset personnel information;
the first open information obtaining unit 403 is configured to obtain, based on a preset authority rule, an open distance parameter, the first path distance, and the organization hierarchy tree, first open department information for the preset personnel information and first open personnel information corresponding to the first open department information; the open distance parameter is an integer and is used for controlling the range of the open department information and the open personnel information.
Optionally, the other department nodes include each main department node from the parent node of the first department node to the root node in the organization hierarchy structure tree and the adjacent department node of the same level of each main department node.
Optionally, the first path distance is a number of edges from the first department node to the other department nodes in the organization hierarchy tree.
Optionally, the first open department information includes: first sub-open department information, second sub-open department information, and third sub-open department information; the first open personnel information includes: first sub-open personnel information, second sub-open personnel information, and third sub-open personnel information;
the preset authority rules comprise the following rules:
acquiring first sub-open department information corresponding to the first department node and the subordinate department nodes thereof and first sub-open personnel information corresponding to the personnel nodes of the first department node and the subordinate department nodes thereof based on the organization hierarchy structure tree;
acquiring second sub open department information corresponding to each main department node from a father node of the first department node to a root node and second sub open personnel information corresponding to personnel nodes of each main department node based on the organization hierarchy structure tree;
when the open distance parameter is a positive integer and the minimum path distance value is greater than 1, acquiring third sub-open department information corresponding to a second department node and third sub-open personnel information corresponding to a personnel node of the second department node based on the organization hierarchical structure tree; wherein the minimum path distance value is the minimum value of the path distance threshold range corresponding to the open distance parameter; the second department node is a department node, among the other department nodes, whose first path distance is less than or equal to the minimum path distance value; when the number of peer department nodes is greater than 1, the path distance threshold range is greater than or equal to the minimum first path distance of the peer department nodes and less than the maximum first path distance of the peer department nodes; when the number of peer department nodes is equal to 1, the path distance threshold range is greater than or equal to the minimum first path distance of the peer department nodes and less than the minimum first path distance plus 1.
Optionally, the personnel information includes information of a department responsible person or information of a department member;
the first open personnel information includes: department responsible person information and department member information corresponding to the personnel nodes of the first department node and the subordinate department nodes thereof, and department responsible person information corresponding to the personnel nodes of the other department nodes.
Optionally, the apparatus further includes:
a second open department node acquiring unit, configured to acquire a second open department node corresponding to preset open department information based on the organization hierarchy structure tree; the preset open department information is open department information set for preset personnel information;
a second open information obtaining unit, configured to obtain, based on the organization hierarchy structure tree, second open department information corresponding to the second open department node and subordinate department nodes thereof, and second open personnel information corresponding to personnel nodes of the second open department node and subordinate department nodes thereof;
a first shielding department node acquiring unit, configured to acquire a first shielding department node corresponding to preset shielding department information based on the organization hierarchical structure tree; the preset shielding department information is shielding department information set for preset personnel information;
a first shielding information obtaining unit, configured to obtain, based on the organization hierarchy structure tree, first shielding department information corresponding to the first shielding department node and a subordinate department node thereof, and first shielding personnel information corresponding to personnel nodes of the first shielding department node and the subordinate department node thereof;
an open department union information obtaining unit, configured to obtain open department union information based on the first open department information and the second open department information;
a third open department information obtaining unit, configured to delete the first shielding department information from the open department union information to obtain third open department information;
an open personnel union information obtaining unit, configured to obtain open personnel union information based on the first open personnel information and the second open personnel information;
a third open personnel information obtaining unit, configured to delete the first shielding personnel information from the open personnel union information to obtain third open personnel information.
Optionally, the apparatus further includes:
an open structure tree generating unit, configured to generate an open structure tree for preset personnel information based on the third open department information and the third open personnel information; wherein the open structure tree comprises a third department node and a third personnel node; the third department node is a father node in the open structure tree and comprises third open department information; the third personnel node is a leaf node in the open structure tree and comprises third open personnel information belonging to the third open department information corresponding to its father node.
The embodiment of the disclosure protects sensitive information such as enterprise personnel information and organizational structure. Automatic processing reduces manual intervention on personnel information and department information, improves management efficiency, and reduces the risk of misoperation and malicious operation.
The third embodiment of the present disclosure provides an electronic device for the method of managing permissions, the electronic device including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to cause the at least one processor to perform the method of managing rights according to the first embodiment.
The present disclosure provides a fourth embodiment, which is a computer storage medium for managing permissions, the computer storage medium storing computer-executable instructions capable of executing the method for managing permissions as described in the first embodiment.
Referring now to FIG. 5, shown is a schematic diagram of an electronic device suitable for use in implementing embodiments of the present disclosure. The terminal device in the embodiments of the present disclosure may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), a vehicle terminal (e.g., a car navigation terminal), and the like, and a stationary terminal such as a digital TV, a desktop computer, and the like. The electronic device shown in fig. 5 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 5, the electronic device may include a processing means (e.g., central processing unit, graphics processor, etc.) 501 that may perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 502 or a program loaded from a storage means 508 into a Random Access Memory (RAM) 503. In the RAM 503, various programs and data necessary for the operation of the electronic apparatus are also stored. The processing device 501, the ROM 502, and the RAM 503 are connected to each other through a bus 504. An input/output (I/O) interface 505 is also connected to bus 504.
Generally, the following devices may be connected to the I/O interface 505: input devices 506 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; output devices 507 including, for example, a Liquid Crystal Display (LCD), speakers, vibrators, and the like; storage devices 508 including, for example, magnetic tape, hard disk, etc.; and a communication device 509. The communication means 509 may allow the electronic device to communicate with other devices wirelessly or by wire to exchange data. While fig. 5 illustrates an electronic device having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program carried on a non-transitory computer readable medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication means 509, or installed from the storage means 508, or installed from the ROM 502. The computer program performs the above-described functions defined in the methods of the embodiments of the present disclosure when executed by the processing device 501.
It should be noted that the computer readable medium in the present disclosure can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the present disclosure, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
In some embodiments, clients and servers may communicate using any currently known or future developed network protocol, such as HTTP (HyperText Transfer Protocol), and may interconnect with any form or medium of digital data communication (e.g., a communications network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), an internet (e.g., the Internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed network.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device.
Computer program code for carrying out operations for the present disclosure may be written in any combination of one or more programming languages, including but not limited to object oriented programming languages such as Java, Smalltalk, and C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present disclosure may be implemented by software or hardware. The name of a unit does not, in some cases, constitute a limitation on the unit itself.
The functions described herein above may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), Complex Programmable Logic Devices (CPLDs), and the like.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The foregoing description is only exemplary of the preferred embodiments of the disclosure and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the disclosure herein is not limited to the particular combination of features described above, but also encompasses other embodiments in which any combination of the features described above or their equivalents does not depart from the spirit of the disclosure. One example is a technical solution formed by replacing the above features with (but not limited to) features having similar functions disclosed in this disclosure.
Further, while operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order. Under certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are included in the above discussion, these should not be construed as limitations on the scope of the disclosure. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable subcombination.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.

Claims (8)

1. A method of managing permissions, comprising:
acquiring an organization hierarchical structure tree; wherein the organization hierarchy tree comprises department nodes and personnel nodes; the department node is a father node in the organization hierarchical structure tree and comprises department information; the personnel nodes are leaf nodes in the organization hierarchical structure tree and comprise personnel information belonging to department information corresponding to a parent node of the personnel nodes;
calculating first path distances from a first department node to other department nodes in the organization hierarchical structure tree; the first department node is a father node of a personnel node corresponding to the preset personnel information;
acquiring first open department information for preset personnel information and first open personnel information corresponding to the first open department information based on a preset authority rule, an open distance parameter, the first path distance and the organization hierarchy structure tree; the open distance parameter is an integer and is used for controlling the range of open department information and open personnel information;
the other department nodes comprise each main department node from a father node of the first department node to a root node in the organization hierarchical structure tree and the adjacent department nodes of the same level of each main department node;
the first path distance is the number of edges from the first department node to the other department nodes in the organizational hierarchy tree.
2. The method of claim 1, wherein the first open department information comprises: first sub-open department information, second sub-open department information, and third sub-open department information; the first open personnel information includes: first sub-open personnel information, second sub-open personnel information, and third sub-open personnel information;
the preset authority rules comprise the following rules:
acquiring first sub-open department information corresponding to the first department node and the subordinate department nodes thereof and first sub-open personnel information corresponding to the personnel nodes of the first department node and the subordinate department nodes thereof based on the organization hierarchy structure tree;
acquiring second sub open department information corresponding to each main department node from a father node of the first department node to a root node and second sub open personnel information corresponding to personnel nodes of each main department node based on the organization hierarchy structure tree;
when the open distance parameter is a positive integer and the minimum path distance value is greater than 1, acquiring third sub-open department information corresponding to a second department node and third sub-open personnel information corresponding to a personnel node of the second department node based on the organization hierarchical structure tree; wherein the minimum path distance value is the minimum value of the path distance threshold range corresponding to the open distance parameter; the second department node is a department node, among the other department nodes, whose first path distance is less than or equal to the minimum path distance value; when the number of peer department nodes is greater than 1, the path distance threshold range is greater than or equal to the minimum first path distance of the peer department nodes and less than the maximum first path distance of the peer department nodes; when the number of peer department nodes is equal to 1, the path distance threshold range is greater than or equal to the minimum first path distance of the peer department nodes and less than the minimum first path distance plus 1.
3. The method of claim 2, wherein the personnel information comprises department responsible person information or department member information;
the first open personnel information includes: department responsible person information and department member information corresponding to the personnel nodes of the first department node and the subordinate department nodes thereof, and department responsible person information corresponding to the personnel nodes of the other department nodes.
4. The method of claim 1, further comprising:
acquiring a second open department node corresponding to preset open department information based on the organization hierarchy structure tree; the preset open department information is open department information set for preset personnel information;
acquiring second open department information corresponding to the second open department node and the subordinate department nodes thereof and second open personnel information corresponding to personnel nodes of the second open department node and the subordinate department nodes thereof based on the organization hierarchy structure tree;
acquiring a first shielding department node corresponding to preset shielding department information based on the organization hierarchy structure tree; the preset shielding department information is shielding department information set for preset personnel information;
acquiring first shielding department information corresponding to the first shielding department node and subordinate department nodes thereof and first shielding personnel information corresponding to personnel nodes of the first shielding department node and subordinate department nodes thereof based on the organization hierarchy structure tree;
acquiring open department union information based on the first open department information and the second open department information;
deleting the first shielding department information from the open department union information to obtain third open department information;
acquiring open personnel union information based on the first open personnel information and the second open personnel information;
and deleting the first shielding personnel information from the open personnel union information to obtain third open personnel information.
5. The method of claim 4, further comprising:
generating an open structure tree for preset personnel information based on the third open department information and the third open personnel information; wherein the open structure tree comprises a third department node and a third personnel node; the third department node is a father node in the open structure tree and comprises third open department information; the third personnel node is a leaf node in the open structure tree and comprises third open personnel information belonging to the third open department information corresponding to its father node.
6. An apparatus for managing permissions, comprising:
an organization hierarchical structure tree acquiring unit, configured to acquire an organization hierarchical structure tree; wherein the organization hierarchy tree comprises department nodes and personnel nodes; the department node is a father node in the organization hierarchical structure tree and comprises department information; the personnel nodes are leaf nodes in the organization hierarchical structure tree and comprise personnel information belonging to the department information corresponding to the parent node of the personnel nodes;
a path distance calculating unit, configured to calculate a first path distance from a first department node to another department node in the organization hierarchy tree; the first department node is a father node of a personnel node corresponding to the preset personnel information;
a first open information obtaining unit, configured to obtain, based on a preset authority rule, an open distance parameter, the first path distance, and the organization hierarchy tree, first open department information for preset personnel information and first open personnel information corresponding to the first open department information; the open distance parameter is an integer and is used for controlling the range of open department information and open personnel information;
the other department nodes comprise each main department node from a father node of the first department node to a root node in the organization hierarchical structure tree and the adjacent department nodes of the same level of each main department node;
the first path distance is the number of edges from the first department node to the other department nodes in the organizational hierarchy tree.
7. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, carries out the method according to any one of claims 1 to 5.
8. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to carry out the method of any one of claims 1 to 5.
CN201911107587.5A 2019-11-13 2019-11-13 Method, device, medium and electronic equipment for managing authority Active CN111027091B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911107587.5A CN111027091B (en) 2019-11-13 2019-11-13 Method, device, medium and electronic equipment for managing authority

Publications (2)

Publication Number Publication Date
CN111027091A (en) 2020-04-17
CN111027091B (en) 2022-04-22

Family

ID=70205611

Country Status (1)

Country Link
CN (1) CN111027091B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113553587B (en) * 2021-06-21 2024-02-23 深信服科技股份有限公司 File detection method, device, equipment and readable storage medium
CN113591209B (en) * 2021-07-14 2024-02-13 中国舰船研究设计中心 Method for quickly creating and exporting structural tree of large ship product and electronic equipment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104182503A (en) * 2014-08-18 2014-12-03 上海众恒信息产业股份有限公司 Cloud platform data access safety isolation method
CN105677651A (en) * 2014-11-18 2016-06-15 方正国际软件(北京)有限公司 Permission tree generation method and device
CN106778306A (en) * 2016-12-16 2017-05-31 国云科技股份有限公司 A kind of Permission Design method based on JavaEJB frameworks
CN107770146A (en) * 2016-08-23 2018-03-06 北京嘀嘀无限科技发展有限公司 A kind of user data authority control method and device
CN108205628A (en) * 2016-12-20 2018-06-26 珠海金山办公软件有限公司 A kind of authority application method and device
CN109801347A (en) * 2019-01-25 2019-05-24 北京字节跳动网络技术有限公司 A kind of generation method, device, equipment and the medium of editable image template

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8132227B2 (en) * 2008-04-11 2012-03-06 International Business Machines Corporation Data management in a computer system
JP5807640B2 (en) * 2010-09-22 2015-11-10 日本電気株式会社 Access right permission / inhibition generation device, access right permission / inhibition generation method, program, and access control system
CN109242420B (en) * 2018-08-22 2023-10-13 中国平安人寿保险股份有限公司 Authority control method, authority control device, electronic equipment and storage medium
CN110442752A (en) * 2019-07-05 2019-11-12 中国平安人寿保险股份有限公司 Organizational structure drawing generating method, device, computer equipment and storage medium

Non-Patent Citations (3)

Title
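Hierarchical authority key-policy attribute-based encryption; Lin You et al.; 《2015 IEEE 16th International Conference on Communication Technology (ICCT)》; 20160208; full text *
Design of an access control scheme based on filtering technology; 杨树林 et al.; 《北京印刷学院学报》; 20070604; Vol. 15 (No. 2); full text *
Permission control model based on a resource permission tree and a rule engine; 万思; 《金融科技时代》; 20121110; Vol. 2012 (No. 11); full text *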

Also Published As

Publication number Publication date
CN111027091A (en) 2020-04-17

Similar Documents

Publication Publication Date Title
US20200293679A1 (en) Privacy Preserving Data Deletion
US9628417B2 (en) Time conversion in an instant message
US10243897B2 (en) Automatic and dynamic management of instant messenger do not disturb state via enterprise application
US20160179800A1 (en) Revision management
US10216735B2 (en) Social networking response management system
US9576124B2 (en) Multi-level password authorization
US11646020B2 (en) Communication notification management
CN112487451B (en) Display method and device and electronic equipment
CN111027091B (en) Method, device, medium and electronic equipment for managing authority
US10965634B2 (en) Electronic communication management
US9014634B2 (en) Social network based Wi-Fi connectivity
CN115344688B (en) Business data display method and device, electronic equipment and computer readable medium
US20210157867A1 (en) User-specific summary generation based on communication content analysis
US9367542B2 (en) Facilitating access to resource(s) idenfitied by reference(s) included in electronic communications
US10268833B2 (en) Method for conditional permission control in a digital data sheet based on a formula
US10205768B2 (en) Facility for initiating automatic exchange of file(s) between mobile devices
US10225225B2 (en) Cognitive and context driven notification generation on a collaborative platform
CN115248933B (en) Authority setting method, device, equipment and medium
US10652182B1 (en) Unlocking emoticons based on professional skills
US20200137515A1 (en) Facilitating proximity based connections at an event
US10375180B2 (en) Following content posting entities

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100041 B-0035, 2 floor, 3 building, 30 Shixing street, Shijingshan District, Beijing.

Patentee after: Tiktok vision (Beijing) Co.,Ltd.

Address before: 100041 B-0035, 2 floor, 3 building, 30 Shixing street, Shijingshan District, Beijing.

Patentee before: BEIJING BYTEDANCE NETWORK TECHNOLOGY Co.,Ltd.

CP01 Change in the name or title of a patent holder

Address after: 100041 B-0035, 2 floor, 3 building, 30 Shixing street, Shijingshan District, Beijing.

Patentee after: Douyin Vision Co.,Ltd.

Address before: 100041 B-0035, 2 floor, 3 building, 30 Shixing street, Shijingshan District, Beijing.

Patentee before: Tiktok vision (Beijing) Co.,Ltd.