CN111079127A - User grading authorization management method and device of information system - Google Patents


Info

Publication number
CN111079127A
Authority
CN
China
Prior art keywords
hierarchical
authority
level
menu
administrator
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911141036.0A
Other languages
Chinese (zh)
Inventor
黄蓉
傅锦荣
李泽波
沈旭明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Dayun Data Technology Co Ltd
Original Assignee
Wuhan Dayun Data Technology Co Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45: Structures or tools for the administration of authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of information management, in particular to a user grading authorization management method and a device of an information system, wherein the method comprises the following steps: establishing a hierarchical authorization correlation table in a database so that an information system respectively sets hierarchical managers for each administrative district under each administrative district level, and the hierarchical managers are responsible for authority management of users in corresponding administrative districts; wherein, the hierarchical authorization related table comprises a menu hierarchical authorization table and a function hierarchical authorization table; the menu hierarchical authorization table stores the menu authority of each hierarchical manager; the function grading authorization table stores the system authority of each grading administrator. The invention can respectively set hierarchical managers aiming at each administrative district under each administrative level and responsible for the authority management of users in the corresponding administrative district, effectively improves the management efficiency of the user authority compared with the traditional system manager, and can realize the authority isolation and the authority distribution responsibility transparentization of different administrative areas.

Description

User grading authorization management method and device of information system
[ technical field ]
The invention relates to the technical field of information management, in particular to a user grading authorization management method and device of an information system.
[ background of the invention ]
In an information system, different system operating rights for different users are all achieved through rights management. At present, the authority management means basically extracts a group of system authorities required by different users according to administrative divisions, organization departments and the like of the users, creates roles, grants the system authorities to the roles through a system administrator, and finally classifies the users of different categories into different roles.
The method for granting role authority and distributing the role authority to different users by the system administrator can better realize authority management in a system with few users, few system menu functions and low system user authority classification requirements. However, for a system with a large number of users and complicated user types, and a large variation in the operation authority requirement of each user on the system, it is not appropriate to simply manage the system authority requirement of such multiple users by a system administrator, which causes the system administrator to spend a lot of time to process the user authority, and the authority management is more and more disordered along with the change of the user requirement.
Taking a provincial territorial information system in Yunnan province as an example, users of the information system comprise provincial organ users, bureau and department users of the 16 cities in Yunnan province, and bureau users of the 129 districts and counties in Yunnan province; it is unrealistic for a single system administrator to manage the system permissions of all of these users.
In view of the above, it is an urgent problem in the art to overcome the above-mentioned drawbacks of the prior art.
[ summary of the invention ]
The technical problems to be solved by the invention are as follows:
in the traditional method, the authority management is realized by only granting role authority by one system administrator and distributing the role authority to different users, so that for a system with a large number of users, complex user types and large change of operation authority requirements of each user on the system, the system administrator needs to spend a large amount of time for processing the user authority, and the authority management is more and more disordered along with the change of the user requirements.
The invention achieves the above purpose by the following technical scheme:
in a first aspect, the present invention provides a method for managing user hierarchical authorization in an information system, including:
establishing a hierarchical authorization correlation table in a database so that an information system respectively sets hierarchical managers for each administrative district under each administrative district level, and the hierarchical managers are responsible for authority management of users in corresponding administrative districts so as to realize hierarchical authorization management;
wherein, the hierarchical authorization correlation table comprises a menu hierarchical authorization table and a function hierarchical authorization table; the menu hierarchical authorization table stores the menu authority of each hierarchical manager, and the function hierarchical authorization table stores the system authority of each hierarchical manager.
Preferably, before creating the menu hierarchy authorization table and the function hierarchy authorization table in the database, the method further comprises:
creating a plurality of entity tables in a database so that the information system can realize the management of various entities;
the entity table comprises a user table, a role table, a system menu table, a system authority table and an organization department table; accordingly, the entity management includes user management, role management, menu management, authority management and organization department management.
Preferably, the entity table is used for storing various entity information; the user table is used for storing basic information of each user in the information system, and comprises one or more of a user name, a user account, a user login password, an administrative region to which the user belongs, an organization ID to which the user belongs and a department ID to which the user belongs;
the role table is used for storing basic information of each role in the information system, and the basic information comprises one or more of role names, role codes, role affiliated organization IDs and role affiliated department IDs;
the system menu table is used for storing menu information in the information system and comprises one or more items of menu names, menu codes, menu calling module codes and menu types;
the system authority table is used for storing authority information in an information system, and the authority information comprises an authority name and an authority number;
the organization department table is used for storing organization and department information in the information system, and comprises one or more of organization or department names, organization or department numbers, administrative divisions to which the organization or department belongs, and organizations to which the department belongs.
Preferably, before the creating the menu hierarchy authorization table and the function hierarchy authorization table in the database, and after the creating the plurality of entity tables in the database, the method further includes:
establishing a plurality of relation tables in a database so that the information system can realize the association among various entities;
the relationship table comprises a user role association table, a role menu association table, a menu authority association table and a role authority association table, and the association among the entities comprises a user associated role, a role associated menu and a menu associated authority.
Preferably, the relationship table is used for storing relationship data of each entity table; the user role association table is connected with the user table and the role table and used for storing roles owned by each user in the information system;
the role menu association table is connected with the role table and the system menu table and is used for storing the menu authority owned by each role in the information system;
the menu authority association table is connected with the system menu table and the system authority table and is used for storing the system authority owned by each menu in the information system;
the role authority association table is connected with the role table and the system authority table and used for storing the system authority owned by each role in the information system.
Preferably, the specific field stored in the menu hierarchical authorization table includes a user name and a menu number, and the specific field stored in the function hierarchical authorization table includes a user name and a permission number.
Preferably, the administrative regions of each administrative region at each administrative region division level are respectively provided with a hierarchical manager, and the hierarchical manager is responsible for authority management of users in the corresponding administrative regions, specifically:
dividing users into n levels according to administrative division levels, and setting one or more users at the highest level as a super administrator; wherein n is more than or equal to 2, and the super administrator is the highest-level hierarchical administrator and has the highest system authority and the most hierarchical authorities;
according to the order from high to low of the administrative division levels, a super administrator sets a hierarchical administrator for the jurisdiction where the next adjacent level user is located step by step, and grants a hierarchical authority for the next adjacent level hierarchical administrator step by step; wherein, each hierarchical administrator grants menu authority and system authority to users in the jurisdiction.
Preferably, when the hierarchical administrators are set step by step, each hierarchical administrator sets one or more users in the administrative district of the next adjacent level as the hierarchical administrator corresponding to the administrative district, so that each administrative district of each administrative division level has its own hierarchical administrator;
when the classification authority is granted step by step, each classification administrator grants the existing partial classification authority to the next adjacent classification administrator, so that the authority of the classification authorization of each classification administrator is gradually decreased from high to low according to the administrative division level.
Preferably, for four administrative division levels of country, province, city and county, a hierarchical manager is respectively arranged for each administrative division district under each administrative division level, and the hierarchical manager is responsible for the authority management of users in the corresponding administrative districts, specifically:
dividing users into country-level users, provincial-level users, city-level users and district-county-level users according to administrative division levels;
selecting one or more country-level users as a country-level administrator; wherein the national level administrator has the highest system authority and the most hierarchical authority;
the state-level administrator respectively selects one or more provincial users as provincial administrators corresponding to provinces in the whole country, and grants the existing partial classification authority to each provincial administrator;
the provincial administrator respectively selects one or more city-level users as city-level administrators corresponding to each city of the whole province, and grants partial classification authority of the provincial administrator to each city-level administrator;
and the city-level administrator respectively selects one or more district-level users as district-level administrators corresponding to each district and each county of the whole city, and grants part of its existing grading authority to each district-level administrator.
In a second aspect, the present invention further provides a hierarchical authorization management apparatus for users of an information system, including at least one processor and a memory, where the at least one processor and the memory are connected through a data bus, and the memory stores instructions executable by the at least one processor, where the instructions are executed by the processor to complete the hierarchical authorization management method for users of the information system according to the first aspect.
Compared with the prior art, the invention has the beneficial effects that:
In the user hierarchical authorization management method provided by the invention, the menu hierarchical authorization table and the function hierarchical authorization table are added on the basis of the traditional database structure, so that the information system can set hierarchical managers for each administrative district under each administrative district level, and the hierarchical managers are responsible for the authority management of users in the corresponding administrative districts. Compared with the traditional method in which only one system administrator maintains the user authority, the method realizes hierarchical authorization and management and effectively improves the management efficiency of the user authority; moreover, since users in each jurisdiction can only be authorized by the corresponding hierarchical administrator, permissions are isolated between different jurisdictions and responsibility for permission distribution becomes transparent.
[ description of the drawings ]
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the embodiments of the present invention will be briefly described below. It is obvious that the drawings described below are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
FIG. 1 is a flowchart of a user hierarchical authorization management on a database structure design according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating a database table structure design according to an embodiment of the present invention;
FIG. 3 is a flowchart of a user hierarchical authorization management implemented on an information system according to an embodiment of the present invention;
fig. 4 is a flowchart illustrating hierarchical authorization and management when four administrative division levels are involved in an information system according to an embodiment of the present invention;
FIG. 5 is a level diagram of a level four hierarchical administrator according to an embodiment of the present invention;
fig. 6 is a user hierarchical authorization management device architecture diagram of an information system according to an embodiment of the present invention.
[ detailed description ]
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In the embodiments of the present invention, the symbol "/" indicates the meaning of having both functions, and the symbol "A and/or B" indicates that the combination between the preceding and following objects connected by the symbol includes three cases of "A", "B", "A and B".
In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other. The invention will be described in detail below with reference to the figures and examples.
Example 1:
the embodiment of the invention provides a user hierarchical authorization management method of an information system, which is expected to realize hierarchical authorization according to administrative district levels, namely, a hierarchical manager is respectively arranged in each administrative district under each administrative level, and the hierarchical manager sets and manages system permission for the corresponding administrative district, so that the problem that only one system manager can set system permission for all users in the traditional system is solved.
In the traditional scheme, two types of data tables, namely an entity table and a relation table, are mainly designed on the structural design of the information system background database, and the system authority management is designed and recorded by the entity table and the relation table. In the embodiment of the invention, a hierarchical authorization related table is additionally arranged on the structural design of the information system background database besides the entity table and the relation table, and the system authority management is designed and stored by the entity table, the relation table and the hierarchical authorization related table, so that hierarchical authorization and hierarchical management are realized by a hierarchical manager.
Referring to fig. 1, analyzing on the structural design of the information system background database, the user hierarchical authorization management method provided by the embodiment of the present invention is mainly implemented by the following steps:
step 201, a plurality of entity tables are created in a database, so that the information system can realize various entity management.
With reference to fig. 2, the entity table is mainly used for storing various entity information, including a user table, a role table, a system menu table, a system authority table, and an organization department table; accordingly, the entity management includes user management, role management, menu management, authority management and organization department management. The function and composition of each entity table are as follows:
the user table is used for storing basic information of each user in the information system, and comprises one or more items of information such as a user name, a user account, a user login password, an administrative division to which the user belongs (usually, a corresponding administrative division code), an organization ID to which the user belongs, a department ID to which the user belongs, and the like;
the role table is used for storing basic information of each role in the information system, and the basic information comprises one or more items of information such as role names, role codes, role affiliated organization IDs and role affiliated department IDs;
the system menu table is used for storing all menu information in the information system, and comprises one or more items of information such as menu names, menu codes, menu calling module codes, menu types and the like;
the system authority table is used for storing all authority information in the information system, including authority names, authority numbers and the like;
the organization department table is used for storing all organization and department information in the information system, and comprises one or more items of information such as organization or department names, organization or department numbers, administrative divisions to which the organization or department belongs (usually corresponding administrative division codes), organizations to which the department belongs, and the like.
Step 202, a plurality of relation tables are created in the database, so that the information system can realize the association among various entities.
With continuing reference to fig. 2, the relationship table is mainly used for storing relationship data of each entity table, including a user role association table, a role menu association table, a menu authority association table, and a role authority association table, which are also referred to as a user role table, a role menu authority table, a menu authority table, and a role function authority table in fig. 2, respectively; the associations between the entities include user associated roles, role associated menus, and menu associated permissions. Wherein, the function and the composition of each relation table are as follows:
the user role association table is connected with the user table and the role table and is used for storing roles owned by each user in the information system, namely the roles owned by each user;
the role menu association table is connected with the role table and the system menu table and is used for storing menu authorities owned by each role in the information system, namely which menu authorities are owned by each role;
the menu authority association table is connected with the system menu table and the system authority table and is used for storing the system authority owned by each menu in the information system, namely which system authorities each menu owns;
the role authority association table is connected with the role table and the system authority table and is used for storing system authorities owned by each role in the information system, namely, which system authorities each role owns.
Step 203, a hierarchical authorization correlation table is created in the database, so that the information system respectively sets hierarchical administrators for each administrative district under each administrative district level, and the hierarchical administrators are responsible for authority management of users in the corresponding administrative districts, thereby realizing hierarchical authorization management.
With continued reference to fig. 2, the hierarchical authorization correlation table is mainly used to store the correlation information of the hierarchical authorization, including the menu hierarchical authorization table and the function hierarchical authorization table. The menu hierarchical authorization table stores the menu authority of each hierarchical administrator, and the specific field includes a user name (i.e., a user name corresponding to a user who is a hierarchical administrator) and a menu number, as shown in fig. 2; the function hierarchical authorization table stores the system authority of each hierarchical administrator, and the stored specific fields include a user name and an authority number, as shown in fig. 2.
Through steps 201-203, in terms of structural design of the background database, the invention creates an entity table, a relation table and a hierarchical authorization correlation table to store various information, and provides a basis for design of system authority management. Further, in terms of the functional implementation of the information system, referring to fig. 3 in particular, the hierarchical authorization management of the user mainly includes the following steps:
Step 301, the information system implements basic management functions such as user management, role management, menu management, authority management and organization department management according to the field information of each entity table in the database. The basic management functions of various entities include adding, modifying, viewing, deleting and the like.
Step 302, the information system realizes the user associated role, role associated menu and menu associated authority according to the field information of each relation table in the database, so as to realize the function that the system user has the system operation authority. In this way, the roles owned by the respective users, the system permissions owned by the respective roles, and the like can be initialized.
Step 303, the information system sets a hierarchical manager for each administrative district under each administrative division level according to the field information of the menu hierarchical authorization table and the function hierarchical authorization table in the database, and the hierarchical manager is responsible for the authority management of the users in the corresponding administrative district. The specific process is as follows:
Firstly, dividing users into n levels according to administrative division levels, and setting one or more users at the highest level as a super administrator; n is more than or equal to 2, and the super administrator is the highest-level hierarchical administrator and has the highest system authority and the most hierarchical authorities. Of course, as the highest-level hierarchical administrator, the super administrator typically has all of the hierarchical rights. When the users are classified, the level of the administrative division to which a user belongs may be determined from the administrative division code recorded for the user in the user table, and the level of the user is then determined from it.
Secondly, according to the order from high to low of the administrative division levels, a super administrator sets a hierarchical administrator for the jurisdiction where the next adjacent level user is located step by step, and grants a hierarchical authority for the next adjacent level hierarchical administrator step by step. When the hierarchical managers are set step by step, each hierarchical manager is only allowed to set the hierarchical manager for the district where the adjacent next-level user is located in the system, namely, each hierarchical manager can only set one or more users (namely, next-level users) in the adjacent next-level district as the hierarchical manager corresponding to the district (namely, next-level district); and when the classification authority is granted step by step, each classification manager can grant the existing partial classification authority to the next adjacent classification manager. By analogy, each administrative district under each administrative district level can own its own hierarchical manager, and the authority of each hierarchical manager for hierarchical authorization is gradually decreased from the high to the low of the administrative district level.
In a specific embodiment, taking four common administrative division levels (i.e., country, province, city, and district/county) as an example, the hierarchical administrators are respectively set for each administrative district under each administrative division level, and the hierarchical administrators are responsible for the authority management of users in their corresponding administrative districts, that is, the process of hierarchical authorization management corresponding to step 303, which may specifically refer to fig. 4 and 5, includes the following steps:
Step 401, dividing users into country-level users, provincial users, city-level users and district/county-level users according to administrative division levels.
Taking a provincial territorial information system in Yunnan province as an example, users of the system comprise provincial organ users, bureau and department users of the 16 cities in Yunnan province, and bureau users of the 129 districts and counties in Yunnan province. In this system, the users of provincial organs are provincial users, the users of the bureaus and departments of the 16 cities in Yunnan province are city-level users, and the users of the bureaus of the 129 districts and counties in Yunnan province are county-level users. If the system is a national-level territorial information system, the staff of the national-level organs using the system are the corresponding country-level users. Obviously, the user level gradually decreases in the order of country-level users, provincial users, city-level users, and district/county-level users.
Step 402, one or more country level users are selected as a country level administrator, and the country level administrator has the highest system authority and the highest grading authority.
The state level users are users with the highest level, one or more state level users are initialized and set as state level administrators by the information system, and the state level administrators are correspondingly hierarchical administrators with the highest level, have the highest system authority and simultaneously possess all the hierarchical authorities so as to be distributed to the hierarchical administrators of the lower level. One or more national administrators can be set, and the national administrators can be specifically selected according to actual application needs, which is not limited herein. In addition, the country-level administrator is mainly responsible for granting menu rights and system rights to users within its jurisdiction (i.e., country-level users).
Step 403: the country-level administrator selects, for each province of the country, one or more provincial-level users as the corresponding provincial-level administrators, and grants part of its existing hierarchical authority to each provincial-level administrator.
The country-level administrator can set provincial-level users of each province in the country as provincial-level administrators. For each provincial jurisdiction, one or more corresponding provincial-level administrators may be set, selected according to actual application needs, which is not limited herein. In addition, the provincial-level administrator is mainly responsible for granting menu rights and system rights to the users in the province to which it belongs (i.e., provincial-level users).
Step 404: the provincial-level administrator selects, for each city of the province, one or more city-level users as the corresponding city-level administrators, and grants part of its existing hierarchical authority to each city-level administrator.
The provincial-level administrator can set city-level users of each city in the province as city-level administrators; for example, the provincial-level administrator of Hubei province can set city-level users of each city in Hubei province as city-level administrators. For each city-level jurisdiction, one or more corresponding city-level administrators may be set, selected according to actual application needs, which is not limited herein. In addition, the city-level administrator is mainly responsible for granting menu rights and system rights to the users in the city to which it belongs (i.e., city-level users).
Step 405: the city-level administrator selects, for each county of the city, one or more county-level users as the corresponding county-level administrators, and grants part of its existing hierarchical authority to each county-level administrator.
The city-level administrator can set county-level users of each county in the city as county-level administrators; for example, the city-level administrator of Wuhan city can set county-level users of each district under the jurisdiction of Wuhan city as county-level administrators. For each county-level jurisdiction, one or more corresponding county-level administrators may be set, selected according to actual application needs, which is not limited herein. In addition, the county-level administrator is mainly responsible for granting menu rights and system rights to the users in the county to which it belongs (i.e., county-level users).
Combining steps 401-405: only a hierarchical administrator can grant menu rights and system rights (also called functional rights) to a user, and a hierarchical administrator can grant menu rights and system rights only to users in its corresponding jurisdiction. When a hierarchical administrator sets a user of the next level as a hierarchical administrator of that level, it can allocate to that user only part of the hierarchical authority it already holds; hierarchical authority that the hierarchical administrator does not itself hold cannot be allocated to the hierarchical administrator of the next level.
Referring to fig. 5, the circle in which each hierarchical administrator is located represents the jurisdiction for which that administrator is responsible; the figure takes as an example the case where each jurisdiction is provided with one hierarchical administrator. Each hierarchical administrator is mainly responsible for granting menu rights and system rights to users in its jurisdiction; meanwhile, each hierarchical administrator is also responsible for setting the hierarchical administrators of the next level and granting hierarchical authority to them.
The above embodiment takes as an example an information system that involves four administrative division levels (i.e., country, province, city, and county). In alternative embodiments, the information system may involve only two or three of the administrative division levels, for example country and province, or province and city, or city and county, or province, city and county; it may also involve more administrative division levels, for example towns and villages below the county level. No matter how many administrative division levels there are, hierarchical authorization and hierarchical management can follow the above embodiment with four administrative division levels, so that each administrative district at each administrative division level has its own hierarchical administrator, the hierarchical administrator is responsible for user authority management in its corresponding district, and the hierarchical authority of the hierarchical administrators decreases from high to low according to the administrative division level.
In a preferred embodiment, the hierarchical authorization and hierarchical management of users of the information system can be better realized by building on the waf4 framework, programming in the Java language, using Oracle as the background database, and implementing the related functions of the system on the basis of the data table structure provided in fig. 2.
A first feature of the invention: in terms of data structure design, the system authority management part comprises various entity tables and relationship tables, and this table design lets the system manage authorization through users, roles, menus and authorities. Accordingly, in terms of system function implementation, the functions of user management, role management, authority management, menu management and the like are all realized.
A second feature of the invention: in terms of data structure design, a menu hierarchical authorization table and a function hierarchical authorization table are added, and the information on hierarchical management and hierarchical authorization is stored in these two new tables; the menu hierarchical authorization table stores the hierarchical menu authority of each hierarchical administrator, and the function hierarchical authorization table stores the hierarchical function authority of each hierarchical administrator. Correspondingly, in terms of system function implementation, the super administrator acts as the highest-level hierarchical administrator; hierarchical administrators are set level by level for the users of the adjacent next level according to the administrative divisions, and hierarchical authority is granted level by level, from the super administrator downward, to the adjacent hierarchical administrators, so that the users of every administrative level and administrative district are finally managed and authorized by the hierarchical administrator of their own level.
In summary, the user hierarchical authorization management method provided in the embodiment of the present invention adds a menu hierarchical authorization table and a function hierarchical authorization table to a traditional database structure. Based on these hierarchical authorization tables, the information system can set a hierarchical administrator for each administrative district at each administrative division level, and the hierarchical administrator is responsible for the authority management of the users in its corresponding administrative district. Compared with the traditional approach in which a single system administrator maintains all user authority, the method realizes hierarchical authorization and management and effectively improves the efficiency of user authority management. Moreover, because the hierarchical administrators are divided by administrative level and administrative district, each district can be authorized only by its corresponding hierarchical administrator, which isolates authority between different districts and makes the responsibility for authority allocation transparent.
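The delegation rules of steps 401-405 and the two hierarchical authorization tables described above can be enforced as in the following added example, which is not code from the patent. It uses Python with SQLite in place of the Java and Oracle stack named in the preferred embodiment, and every table, column, user, menu and permission name in it is constructed for illustration.

```python
import sqlite3

# Constructed schema: table and column names are assumptions, reduced to what the rules need.
SCHEMA = """
CREATE TABLE users (
    username      TEXT PRIMARY KEY,
    level         INTEGER NOT NULL,  -- 1 country, 2 province, 3 city, 4 county
    region        TEXT NOT NULL,     -- administrative district the user belongs to
    parent_region TEXT               -- district one level up (NULL at the top)
);
-- The two added tables: what each hierarchical administrator may hand out.
CREATE TABLE menu_grade_auth (username TEXT, menu_no TEXT, PRIMARY KEY (username, menu_no));
CREATE TABLE func_grade_auth (username TEXT, perm_no TEXT, PRIMARY KEY (username, perm_no));
-- Ordinary grants to users (stands in for the role/menu/authority relation tables).
CREATE TABLE user_menu (username TEXT, menu_no TEXT, PRIMARY KEY (username, menu_no));
"""
# Fixed whitelist of table/column names; never built from caller input.
GRADE_TABLES = {"menu": ("menu_grade_auth", "menu_no"), "func": ("func_grade_auth", "perm_no")}

class AuthzError(Exception):
    """A grant that would break the hierarchical authorization rules."""

def lookup(db, username):
    """Return (level, region, parent_region) for a user, or refuse if unknown."""
    row = db.execute("SELECT level, region, parent_region FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        raise AuthzError(f"unknown user {username!r}")
    return row

def held(db, kind, username):
    """Hierarchical authority (menu or permission numbers) a user holds."""
    table, col = GRADE_TABLES[kind]
    return {r[0] for r in db.execute(f"SELECT {col} FROM {table} WHERE username = ?", (username,))}

def delegate(db, grantor, grantee, kind, items):
    """Make grantee a next-level administrator holding a subset of grantor's authority."""
    g_level, g_region, _ = lookup(db, grantor)
    e_level, _, e_parent = lookup(db, grantee)
    if e_level != g_level + 1 or e_parent != g_region:
        raise AuthzError("grantee is not in an adjacent lower-level district of the grantor")
    missing = set(items) - held(db, kind, grantor)
    if missing:
        raise AuthzError(f"grantor does not hold {sorted(missing)}")
    table, col = GRADE_TABLES[kind]
    with db:  # one transaction: all rows or none
        db.executemany(f"INSERT OR IGNORE INTO {table} (username, {col}) VALUES (?, ?)",
                       [(grantee, item) for item in items])

def grant_menu(db, admin, user, menu_no):
    """Give a user a menu right; only the administrator of the user's own district may."""
    a_level, a_region, _ = lookup(db, admin)
    u_level, u_region, _ = lookup(db, user)
    if (a_level, a_region) != (u_level, u_region):
        raise AuthzError("user is outside the administrator's jurisdiction")
    # Assumption: an administrator can hand out only menus it holds itself.
    if menu_no not in held(db, "menu", admin):
        raise AuthzError("administrator does not hold this menu authority")
    with db:
        db.execute("INSERT OR IGNORE INTO user_menu VALUES (?, ?)", (user, menu_no))

def demo_db():
    """In-memory database with constructed users; 'root' is the super administrator."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", [
        ("root", 1, "CN", None),
        ("hb_admin", 2, "Hubei", "CN"), ("yn_admin", 2, "Yunnan", "CN"),
        ("wh_admin", 3, "Wuhan", "Hubei"), ("wh_clerk", 3, "Wuhan", "Hubei"),
    ])
    db.executemany("INSERT INTO menu_grade_auth VALUES (?, ?)", [("root", m) for m in ("M1", "M2", "M3")])
    db.executemany("INSERT INTO func_grade_auth VALUES (?, ?)", [("root", p) for p in ("P1", "P2")])
    db.commit()
    return db

if __name__ == "__main__":
    db = demo_db()
    delegate(db, "root", "hb_admin", "menu", ["M1", "M2"])
    delegate(db, "hb_admin", "wh_admin", "menu", ["M1"])
    grant_menu(db, "wh_admin", "wh_clerk", "M1")
    try:
        delegate(db, "hb_admin", "wh_admin", "menu", ["M3"])  # Hubei was never given M3
    except AuthzError as exc:
        print("denied:", exc)
```

Because both checks run on the server side against the stored tables, a lower-level administrator cannot widen its own authority by replaying a request that names a menu or permission number it was never given.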
Example 2:
On the basis of the user hierarchical authorization management method of an information system provided in embodiment 1 above, the present invention further provides a user hierarchical authorization management device of an information system capable of implementing the method; fig. 6 is a schematic diagram of the device architecture in an embodiment of the present invention. The user hierarchical authorization management device of the information system of this embodiment includes one or more processors 21 and a memory 22. In fig. 6, one processor 21 is taken as an example.
The processor 21 and the memory 22 may be connected by a bus or by other means; fig. 6 takes connection by a bus as an example.
The memory 22, as a nonvolatile computer-readable storage medium, may be used to store nonvolatile software programs, nonvolatile computer-executable programs, and modules, such as those of the user hierarchical authorization management method of the information system in embodiment 1. The processor 21 executes the various functional applications and data processing of the user hierarchical authorization management device of the information system by running the nonvolatile software programs, instructions and modules stored in the memory 22, that is, it implements the user hierarchical authorization management method of the information system of embodiment 1.
The memory 22 may include high-speed random access memory and may also include nonvolatile memory, such as at least one magnetic disk storage device, flash memory device, or other nonvolatile solid-state storage device. In some embodiments, the memory 22 may optionally include memory located remotely from the processor 21, and such remote memory may be connected to the processor 21 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The program instructions/modules are stored in the memory 22 and, when executed by the one or more processors 21, perform the user hierarchical authorization management method of the information system in embodiment 1 above, for example the steps shown in fig. 1, 3, and 4.
Those of ordinary skill in the art will appreciate that all or part of the steps of the methods of the embodiments may be implemented by a program instructing the associated hardware; the program may be stored on a computer-readable storage medium, which may include a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or the like.
The above description only illustrates the preferred embodiments of the present invention and is not to be construed as limiting the invention; any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. A user hierarchical authorization management method for an information system, comprising:
establishing hierarchical authorization related tables in a database, so that the information system sets a hierarchical administrator for each administrative district at each administrative division level, the hierarchical administrator being responsible for the authority management of users in its corresponding administrative district, thereby realizing hierarchical authorization management;
wherein the hierarchical authorization related tables comprise a menu hierarchical authorization table and a function hierarchical authorization table; the menu hierarchical authorization table stores the menu authority of each hierarchical administrator, and the function hierarchical authorization table stores the system authority of each hierarchical administrator.
2. The user hierarchical authorization management method of an information system according to claim 1, wherein before the menu hierarchical authorization table and the function hierarchical authorization table are created in the database, the method further comprises:
creating a plurality of entity tables in the database so that the information system can manage the various entities;
wherein the entity tables comprise a user table, a role table, a system menu table, a system authority table and an organization department table; accordingly, the entity management includes user management, role management, menu management, authority management and organization department management.
3. The method of claim 2, wherein the entity tables are used for storing the various types of entity information; the user table is used for storing basic information of each user in the information system, comprising one or more of a user name, a user account, a user login password, the administrative region to which the user belongs, the ID of the organization to which the user belongs, and the ID of the department to which the user belongs;
the role table is used for storing basic information of each role in the information system, comprising one or more of a role name, a role code, the ID of the organization to which the role belongs, and the ID of the department to which the role belongs;
the system menu table is used for storing menu information in the information system, comprising one or more of a menu name, a menu code, a menu calling module code, and a menu type;
the system authority table is used for storing authority information in the information system, the authority information comprising an authority name and an authority number;
the organization department table is used for storing organization and department information in the information system, comprising one or more of the organization or department name, the organization or department number, the administrative division to which the organization or department belongs, and the organization to which the department belongs.
4. The user hierarchical authorization management method of an information system according to claim 2, wherein before the menu hierarchical authorization table and the function hierarchical authorization table are created in the database and after the plurality of entity tables are created in the database, the method further comprises:
establishing a plurality of relationship tables in the database so that the information system can associate the various entities;
wherein the relationship tables comprise a user role association table, a role menu association table, a menu authority association table and a role authority association table, and the associations among the entities comprise users associated with roles, roles associated with menus, and menus associated with authorities.
5. The method of claim 4, wherein the relationship tables are used for storing the relationship data of the entity tables; the user role association table connects the user table and the role table and is used for storing the roles owned by each user in the information system;
the role menu association table connects the role table and the system menu table and is used for storing the menu authority owned by each role in the information system;
the menu authority association table connects the system menu table and the system authority table and is used for storing the system authority owned by each menu in the information system;
the role authority association table connects the role table and the system authority table and is used for storing the system authority owned by each role in the information system.
6. The user hierarchical authorization management method of an information system according to any one of claims 1 to 5, wherein the specific fields stored in the menu hierarchical authorization table include a user name and a menu number, and the specific fields stored in the function hierarchical authorization table include a user name and a permission number.
7. The user hierarchical authorization management method of an information system according to claim 1, wherein setting a hierarchical administrator for each administrative district at each administrative division level, the hierarchical administrator being responsible for the authority management of users in its corresponding administrative district, specifically comprises:
dividing users into n levels according to administrative division levels, and setting one or more users at the highest level as a super administrator; wherein n is greater than or equal to 2, and the super administrator is the highest-level hierarchical administrator and has the highest system authority and the most hierarchical authority;
in order of administrative division level from high to low and starting from the super administrator, setting, level by level, a hierarchical administrator for the jurisdiction in which the users of the adjacent next level are located, and granting, level by level, hierarchical authority to the hierarchical administrator of the adjacent next level; wherein each hierarchical administrator grants menu authority and system authority to users in its jurisdiction.
8. The method of claim 7, wherein when the hierarchical administrators are set level by level, each hierarchical administrator sets one or more users in a jurisdiction of the adjacent next level as the hierarchical administrator corresponding to that jurisdiction, so that each administrative district at each administrative division level has its own hierarchical administrator;
when the hierarchical authority is granted level by level, each hierarchical administrator grants part of its existing hierarchical authority to the hierarchical administrator of the adjacent next level, so that the hierarchical authority of the hierarchical administrators decreases from high to low according to the administrative division level.
9. The user hierarchical authorization management method of an information system according to claim 7, wherein for the four administrative division levels of country, province, city, and district/county, setting a hierarchical administrator for each administrative district at each administrative division level, the hierarchical administrator being responsible for the authority management of users in its corresponding administrative district, specifically comprises:
dividing users into country-level users, provincial-level users, city-level users and district/county-level users according to administrative division levels;
selecting one or more country-level users as a country-level administrator; wherein the country-level administrator has the highest system authority and the most hierarchical authority;
the country-level administrator selecting, for each province of the country, one or more provincial-level users as the corresponding provincial-level administrators, and granting part of its existing hierarchical authority to each provincial-level administrator;
the provincial-level administrator selecting, for each city of the province, one or more city-level users as the corresponding city-level administrators, and granting part of its existing hierarchical authority to each city-level administrator;
and the city-level administrator selecting, for each district and county of the city, one or more district/county-level users as the corresponding district/county-level administrators, and granting part of its existing hierarchical authority to each district/county-level administrator.
10. A user hierarchical authorization management device of an information system, comprising at least one processor and a memory, wherein the at least one processor and the memory are connected through a data bus, the memory stores instructions executable by the at least one processor, and the instructions, when executed by the processor, carry out the user hierarchical authorization management method of an information system according to any one of claims 1 to 9.
CN201911141036.0A 2019-11-20 2019-11-20 User grading authorization management method and device of information system Pending CN111079127A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911141036.0A CN111079127A (en) 2019-11-20 2019-11-20 User grading authorization management method and device of information system

Publications (1)

Publication Number Publication Date
CN111079127A true CN111079127A (en) 2020-04-28

Family

ID=70311297

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911141036.0A Pending CN111079127A (en) 2019-11-20 2019-11-20 User grading authorization management method and device of information system

Country Status (1)

Country Link
CN (1) CN111079127A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101145233A (en) * 2006-09-12 2008-03-19 中国农业银行 Data ciphered-mortgage transaction system, teller identification system, trans-center transaction system and method
CN102053969A (en) * 2009-10-28 2011-05-11 上海宝信软件股份有限公司 Web ERP (enterprise resource planning) user right management system
CN109981552A (en) * 2017-12-28 2019-07-05 中移(杭州)信息技术有限公司 A kind of authority distributing method and device
CN110290075A (en) * 2019-04-17 2019-09-27 李士锋 A kind of method for managing resource and system of police cloud computing platform

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112069473A (en) * 2020-08-03 2020-12-11 中国铁道科学研究院集团有限公司电子计算技术研究所 User authorization method and system
WO2022052682A1 (en) * 2020-09-11 2022-03-17 京东方科技集团股份有限公司 Medical system and permission management method therefor
CN112230832A (en) * 2020-10-14 2021-01-15 浪潮云信息技术股份公司 Hierarchical management system of cross-organization users
CN112463767A (en) * 2020-12-11 2021-03-09 北京明略软件系统有限公司 Region-based database design method and system, electronic device and storage medium
CN112597516A (en) * 2020-12-23 2021-04-02 上海融恒智能科技有限公司 Multi-stage linkage authority control system and method
CN112765629A (en) * 2021-01-25 2021-05-07 山西青峰软件股份有限公司 Method and system for preventing unauthorized access of education system
CN113779515A (en) * 2021-02-20 2021-12-10 北京京东乾石科技有限公司 Authority management method, system and storage medium
CN117093184A (en) * 2023-10-19 2023-11-21 同力天合(北京)管理软件股份有限公司 Software service adaptation method and system based on client requirements
CN117093184B (en) * 2023-10-19 2023-12-29 同力天合(北京)管理软件股份有限公司 Software service adaptation method and system based on client requirements

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200428