CN111191256A - Method and device for configuring user permission - Google Patents


Publication number
CN111191256A
Authority
CN
China
Prior art keywords
management node
authority
application
management
user
Prior art date
Legal status
Granted
Application number
CN201911191249.4A
Other languages
Chinese (zh)
Other versions
CN111191256B (en)
Inventor
刘福春
傅益恺
Current Assignee
Taikang Insurance Group Co Ltd
Original Assignee
Taikang Insurance Group Co Ltd
Priority date
Filing date
Publication date
Application filed by Taikang Insurance Group Co Ltd
Priority to CN201911191249.4A
Publication of CN111191256A
Application granted
Publication of CN111191256B
Legal status: Active
Anticipated expiration

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/604: Tools and structures for managing or administering access control systems

Abstract

The invention discloses a method and a device for configuring user permissions, and relates to the technical field of computers. One embodiment of the method comprises: setting up a plurality of management nodes in ordered levels according to the architecture of the platform system, wherein the authority of the management nodes decreases level by level in level order, and each management node is responsible for configuring the authority of the management nodes in its adjacent next level; when an application is newly added to the platform system, creating a management node for the application by the management node with the maximum authority level; and acquiring the level of the application in the platform system architecture and, in descending order of the management nodes' authority levels, having each management node in turn configure the authority of the management node in its adjacent next level, until the management node of the application is reached. The embodiment makes it possible to configure and manage the authority of users and of each management node according to the platform system architecture, which facilitates isolation of system data resources and separation of authority between management nodes.

Description

Method and device for configuring user permission
Technical Field
The invention relates to the technical field of computers, in particular to a method and a device for configuring user permissions.
Background
The user center of an existing platform mainly provides two roles within a single organization dimension, namely a platform administrator and an organization administrator, and the creation of personnel information and the configuration of authority are carried out through these two roles. When a new employee joins, a platform administrator has to create the employee's information and assign permissions one by one in the platform user center; when a new organization is established, a large number of new employees have to be created and configured with permissions, so the operation is tedious, inefficient, and costly.
At present, there are mainly the following two user authority configuration methods:
1. The platform user center is opened to external enterprise users for registering applications and resources, and personnel information and authority applications can be created manually for different enterprises, but this method is not suitable for the multi-service organizations of group management;
2. The platform user center mainly manages along the single-organization dimension of each service line. If a new organization is opened, an administrator creates the organization, adds a batch of personnel and posts, and configures their authority individually; the personnel of the same organization and the authority assigned to them cannot be reused, so the management cost is high, and the approach is not suitable for a multi-service organization managed by a group.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method and an apparatus for configuring user authority, which can configure and manage the authority of users and of each management node according to the platform system architecture. This facilitates isolation of system data resources and separation of authority between management nodes, so that authority configuration becomes systematic, process-driven, and automated.
To achieve the above object, according to an aspect of an embodiment of the present invention, a method for user right configuration is provided.
A method of user rights configuration, comprising: setting a plurality of management nodes in ordered levels according to the architecture of the platform system, wherein the authority of the management nodes is gradually decreased step by step according to the level sequence, and each management node is responsible for configuring the authority of the management node in the next level adjacent to the management node; when an application is newly added to the platform system, a management node of the application is created by a management node with the maximum authority level; and acquiring the level of the application in the platform system architecture, and sequentially configuring the authority for the management node of the next level adjacent to the management node by each management node according to the order of the authority levels of the management nodes from large to small until the management node of the application.
Optionally, each management node is also responsible for configuring the permissions for the users it directly manages.
Optionally, the right configuration includes configuration of public rights and configuration of personalized rights.
Optionally, the management node of the application performs permission configuration by selecting a user and a system role corresponding to the user in a framework of the platform system, and setting an organization access range to which the selected user belongs.
Optionally, performing, by each management node, authority configuration for a next-level management node adjacent to the management node includes: for each management node, carrying out identity verification on the management node; and after the identity verification is passed, generating a corresponding authority data packet according to the authority configuration content, and storing the association relation between the next level of management node adjacent to the management node and the authority data packet.
Optionally, when a user logs in the platform system and accesses the application, the platform system obtains the authority of the user and performs authority verification to determine whether the user can access the application.
Optionally, when the user does not log in the platform system and access the application, the platform system prompts the user to log in, and acquires the authority of the user after the login is successful and performs authority verification to determine whether the user can access the application.
According to another aspect of the embodiments of the present invention, an apparatus for user right configuration is provided.
An apparatus of user rights configuration, comprising: the management node setting module is used for setting a plurality of management nodes in ordered levels according to the architecture of the platform system, the authority of the management nodes is gradually decreased step by step according to the level sequence, and each management node is responsible for carrying out authority configuration on the management node of the next level adjacent to the management node; the application creation module is used for creating a management node of the application by the management node with the maximum authority level when the platform system is added with an application; and the authority configuration module is used for acquiring the level of the application in the platform system architecture, and sequentially configuring the authority for the management node of the next level adjacent to the management node by each management node according to the ascending order of the authority level of the management node until the management node of the application.
According to another aspect of the embodiment of the invention, an electronic device for user right configuration is provided.
An electronic device for user rights configuration, comprising: one or more processors; the storage device is used for storing one or more programs, and when the one or more programs are executed by the one or more processors, the one or more processors implement the method for configuring the user right provided by the embodiment of the invention.
According to yet another aspect of embodiments of the present invention, a computer-readable medium is provided.
A computer readable medium, on which a computer program is stored, the program, when executed by a processor, implementing a method for user right configuration provided by an embodiment of the present invention.
One embodiment of the above invention has the following advantages or benefits: a plurality of management nodes in ordered levels are set up according to the architecture of the platform system, the authority of the management nodes decreases level by level in level order, and each management node is responsible for configuring the authority of the management nodes in its adjacent next level; when an application is newly added to the platform system, a management node for the application is created by the management node with the maximum authority level; the level of the application in the platform system architecture is acquired and, in descending order of authority level, each management node in turn configures the authority of the management node in its adjacent next level, until the management node of the application is reached. In this way the authority of users and of each management node is configured and managed according to the platform system architecture, which facilitates isolation of system data resources and separation of authority between management nodes, and public authority can be distributed directly to each service system, so that authority configuration becomes systematic, process-driven, and automated.
Further effects of the above-mentioned non-conventional alternatives will be described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
FIG. 1 is a schematic diagram of the main steps of a method for user right configuration according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of the main modules of a user right configured device according to an embodiment of the present invention;
FIG. 3 is an exemplary system architecture diagram in which embodiments of the present invention may be employed;
FIG. 4 is a schematic block diagram of a computer system suitable for use in implementing a terminal device or server of an embodiment of the invention.
Detailed Description
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
In order to solve the problems in the prior art, the invention provides a method and a device for configuring user authority. The existing platform system architecture is divided into functional layers, a management node of the corresponding level is set up for each layer, and the management node of each level configures the authority of the management nodes in its adjacent next level or of the users it manages. This separates the authority of the management nodes and allows public authority to be distributed directly to each service system, so that authority configuration becomes systematic, process-driven, and automated.
Fig. 1 is a schematic diagram of main steps of a method for configuring user rights according to an embodiment of the present invention. As shown in fig. 1, the method for configuring user rights in the embodiment of the present invention mainly includes the following steps S101 to S103.
Step S101: setting up a plurality of management nodes in ordered levels according to the architecture of the platform system, wherein the authority of the management nodes decreases level by level in level order, and each management node is responsible for configuring the authority of the management nodes in its adjacent next level;
Step S102: when an application is newly added to the platform system, creating a management node for the application by the management node with the maximum authority level;
Step S103: acquiring the level of the application in the platform system architecture and, in descending order of the management nodes' authority levels, having each management node in turn configure the authority of the management node in its adjacent next level, until the management node of the application is reached.
According to the technical scheme of the invention, because a platform system generally adopts clustered management and different service data are managed separately, management nodes of multiple levels (for example, more than two) can be set up according to the architecture of the platform system. The authority of these management nodes decreases progressively in level order. For example, assume that a platform system can be divided into three levels of organizations according to its architecture, so that management nodes of three levels need to be set up correspondingly. The first-level management node corresponds to the first-level organization and is the management node with the maximum authority. The adjacent next level (the second-level management nodes) corresponds to two second-level organizations, and a management node can be set up for each second-level organization. The level adjacent to each second-level management node (the third-level management nodes) corresponds to two third-level organizations per second-level node, that is, there are four third-level organizations, each provided with a management node. The management node of each level may be operated by one person or by several persons, and is responsible for configuring the authority of the management nodes in its adjacent next level. In this way, the authority of users and of each management node can be configured and managed according to the platform system architecture, and system data resources are isolated.
In addition, according to another embodiment of the present invention, the management node is also responsible for configuring the rights for the users it directly manages. Here, the user directly managed by the management node may be, for example, a person or an employee who uses the platform system, or a visitor of the platform system, or the like.
According to yet another embodiment of the invention, authority configuration includes the configuration of public rights and the configuration of personalized rights. A public right is a right common to the organization to which the user belongs, and a personalized right is a special right owned by the individual user. Besides selecting a user, the management node can also select a department in the organization structure of the platform system and then assign public authority to it. When a new user joins the department, the authority owned by the department can be configured automatically on the new user's account, and the user can see the business system on logging in.
According to another embodiment of the invention, when an application is added to the platform system, the management node of the application is created by the management node with the maximum authority level, and the management authority of the application is configured for the management node, among the adjacent next-level management nodes, of the organization to which the application belongs. When creating the management node of the application, the management node with the maximum authority level can also create the application in the platform user center, filling in information such as the application name and the access address and selecting the person in charge of the application system; it then creates the application resources, including menus, functions, and the like; and finally it configures the management authority of the application for the management node, among the adjacent next-level management nodes, of the organization to which the application belongs. For example, assume that the level of the newly added application in the platform system architecture is the third level, and that the second-level management node to which it belongs is second-level management node 1 (there are two second-level management nodes, corresponding to the two second-level organizations). The first-level management node, which has the maximum authority, can then configure the management authority of the application for second-level management node 1.
In the embodiment of the invention, the management node one level above the application is responsible for configuring the management authority of the application for the application's management node. Continuing the foregoing example, the management node one level above the application, that is, second-level management node 1, is responsible for creating a management node for the application and configuring the management authority of the application for the created management node, so that information creation and authority configuration can be carried out for all users that can access the application.
After the management node of the application has been created and assigned its authority, it can configure authority by selecting a user and the system role corresponding to that user in the architecture of the platform system, and by setting the organization access range to which the selected user belongs. Specifically, an administrator of the application first determines the list of users who need to log in to or access the application system and their working range, then logs in to the platform user center, creates the list of roles with which users use the system, and selects the user, the system role, the organization access range to which the user belongs in the organization structure, and similar information, to configure the user's authority.
According to an embodiment of the present invention, when each management node configures the authority for the next level of management nodes adjacent to the management node, the method may specifically be performed according to the following steps:
for each management node, carrying out identity verification on the management node;
and after the identity verification is passed, generating a corresponding authority data packet according to the authority configuration content, and storing the association relation between the next level of management node adjacent to the management node and the authority data packet.
For each management node, when that node is to configure the authority of the management node in its adjacent next level, identity verification must be performed on the management node; if verification fails, the authority configuration cannot be performed. After identity verification passes, a corresponding authority data packet can be generated from the authority configuration content, and the association between the authority data packet and the next-level management node is stored. When authority later has to be acquired and verified, the corresponding authority data packet can therefore be retrieved by the identifier (such as the name) of the management node. Similarly, after a management node configures authority for the users it directly manages, the association between each user and the corresponding authority data packet can also be stored.
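The delegation rules of steps S101 to S103 and the verify-then-store sequence described above, as an added Python example that is not code from the patent. The HMAC credential, the `Platform`, `ManagementNode`, `sign` and `attempt` names, the `app:resource` permission strings, and the rule that a grant must be a subset of the configuring node's own packet are assumptions; the patent does not specify how identity is verified or how authority data packets are encoded.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


class ConfigError(Exception):
    """A permission-configuration request was rejected."""


@dataclass
class ManagementNode:
    name: str
    level: int                            # 1 = maximum authority
    parent: "ManagementNode | None" = None
    # Assumption: each node's administrator shares a secret with the platform.
    key: bytes = field(default_factory=lambda: secrets.token_bytes(32))


def sign(node, target_name):
    """Credential a node's administrator presents for one configuration request."""
    msg = f"{node.name}->{target_name}".encode()
    return hmac.new(node.key, msg, hashlib.sha256).digest()


class Platform:
    def __init__(self, root_name):
        self.root = ManagementNode(root_name, level=1)
        self.nodes = {root_name: self.root}
        self.packets = {root_name: frozenset()}   # node name -> permission data packet

    def add_node(self, name, parent_name):
        """S101: place a management node one level below its parent."""
        parent = self.nodes[parent_name]
        node = ManagementNode(name, parent.level + 1, parent)
        self.nodes[name] = node
        self.packets[name] = frozenset()
        return node

    def configure(self, actor_name, tag, target_name, permissions):
        actor, target = self.nodes[actor_name], self.nodes[target_name]
        # 1. Identity verification comes first; nothing is stored if it fails.
        if not hmac.compare_digest(sign(actor, target_name), tag):
            raise ConfigError("identity verification failed")
        # 2. A node may only configure the adjacent next level below itself.
        if target.parent is not actor:
            raise ConfigError("target is not directly below the configuring node")
        # 3. Assumption: a node cannot hand down authority it does not hold.
        packet = frozenset(permissions)
        if not packet <= self.packets[actor_name]:
            raise ConfigError("grant exceeds the configuring node's own authority")
        # 4. Store the association between the next-level node and its packet.
        self.packets[target_name] = self.packets[target_name] | packet

    def onboard_application(self, app, resources, parent_name, signer=sign):
        """S102 + S103: create the app's node, then configure level by level."""
        packet = frozenset(f"{app}:{r}" for r in resources)
        self.packets[self.root.name] = self.packets[self.root.name] | packet
        node = self.add_node(f"{app}-admin", parent_name)
        chain = []
        while node is not None:               # walk up to the root ...
            chain.append(node)
            node = node.parent
        chain.reverse()                       # ... then configure top-down
        for upper, lower in zip(chain, chain[1:]):
            self.configure(upper.name, signer(upper, lower.name), lower.name, packet)
        return [n.name for n in chain]


def attempt(platform, actor, tag, target, permissions):
    """Return 'ok' or the rejection reason for one configuration request."""
    try:
        platform.configure(actor, tag, target, permissions)
        return "ok"
    except ConfigError as exc:
        return str(exc)


def build_demo():
    """Constructed three-level hierarchy with one application under branch-1."""
    p = Platform("group")
    p.add_node("branch-1", "group")
    p.add_node("branch-2", "group")
    chain = p.onboard_application("claims", ["menu.cases", "fn.approve"], "branch-1")
    return p, chain


if __name__ == "__main__":
    p, chain = build_demo()
    print(" -> ".join(chain), sorted(p.packets["claims-admin"]))
```

Because `configure` rejects any target that is not a direct child, the sibling node `branch-2` ends with an empty packet and cannot touch `claims-admin`, which is the data isolation between organizations that the description relies on.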
According to one embodiment of the invention, when a user logs in a platform system and accesses an application, the platform system acquires the authority of the user and performs authority verification to judge whether the user can access the application.
According to another embodiment of the invention, when the user does not log in the platform system and access the application, the platform system prompts the user to log in, and acquires the authority of the user after the login is successful and performs authority verification to judge whether the user can access the application.
When the platform system acquires the authority of the user, specific examples include: the platform system acquires organization information such as positions, affiliated organizations and the like of the user and personalized authority information of the user according to the login identification of the user, and then acquires public authorities corresponding to the organizations of the user, namely acquires all authorities of the user. Then, a permission check is performed according to the permission of the user to determine whether the user can access the application, and what specific functions of the application can be accessed, for example: application rights, menu rights, function rights and corresponding other rights, etc. And then, the operation of the user on the platform system can be accepted according to the authority of the user.
According to one embodiment of the invention, for a newly added application A whose users have all joined and all need to log in to the platform system to do the work specified by their post responsibilities, the management node of application A logs in to the platform user center, selects in the organization structure the department to which application A belongs, and selects the authority to use the application system. The service system of application A authenticates the user logged in to the platform system. As long as the management node does not go on to allocate individual authority to a user, the user sees only the public authority of the department after logging in. Public authority is thus allocated automatically to the users of each department, which saves a large amount of authority allocation work.
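The login-time authority acquisition and check described above (department public rights plus personalized rights, then application, menu and function checks), as an added Python example that is not code from the patent. The `PermissionStore`, `check_access` and `in_range` names, the `app:resource` strings, the constructed organization tree, and the reading of an organization access range as covering an organization and its sub-organizations are assumptions.

```python
from dataclasses import dataclass, field

# Constructed organization tree: child -> parent (None for the top level).
ORG_PARENT = {
    "group": None,
    "branch-1": "group", "branch-2": "group",
    "claims-dept": "branch-1", "sales-dept": "branch-2",
}


@dataclass
class UserRecord:
    department: str
    personal: set = field(default_factory=set)       # personalized rights
    access_range: set = field(default_factory=set)   # organizations whose data is visible


class PermissionStore:
    def __init__(self):
        self.public = {}   # department -> public rights of that department
        self.users = {}    # login id -> UserRecord

    def grant_department(self, department, perms):
        self.public.setdefault(department, set()).update(perms)

    def add_user(self, login_id, department):
        # No per-user grant: the department's public rights apply automatically.
        # Assumption: a new user's access range starts as the own department only.
        self.users[login_id] = UserRecord(department, access_range={department})

    def grant_user(self, login_id, perms, access_range=()):
        rec = self.users[login_id]
        rec.personal.update(perms)
        rec.access_range.update(access_range)

    def effective(self, login_id):
        """All rights of a user: department public rights plus personalized rights."""
        rec = self.users[login_id]
        return self.public.get(rec.department, set()) | rec.personal


def in_range(store, login_id, org):
    """True if org lies inside one of the user's access-range organizations."""
    roots = store.users[login_id].access_range
    while org is not None:
        if org in roots:
            return True
        org = ORG_PARENT.get(org)
    return False


def check_access(store, session, app, resource=None, org=None):
    """Return LOGIN_REQUIRED, DENIED or ALLOWED for one request (default deny)."""
    if not session or "login_id" not in session:
        return "LOGIN_REQUIRED"               # the platform prompts the user to log in
    login_id = session["login_id"]
    if login_id not in store.users:
        return "DENIED"
    perms = store.effective(login_id)         # resolved at check time, not cached
    if f"{app}:access" not in perms:          # application right
        return "DENIED"
    if resource is not None and f"{app}:{resource}" not in perms:
        return "DENIED"                       # menu or function right
    if org is not None and not in_range(store, login_id, org):
        return "DENIED"                       # data outside the access range
    return "ALLOWED"


def build_store():
    """Constructed data: one department grant, two users, one personalized grant."""
    store = PermissionStore()
    store.grant_department("claims-dept", {"claims:access", "claims:menu.cases"})
    store.add_user("new.hire", "claims-dept")
    store.add_user("lead", "claims-dept")
    store.add_user("seller", "sales-dept")
    store.grant_user("lead", {"claims:fn.approve"}, access_range={"branch-1"})
    return store


if __name__ == "__main__":
    s = build_store()
    print(check_access(s, {"login_id": "new.hire"}, "claims", "menu.cases"))
```

Because `effective` is evaluated on every check, removing a right from a department takes effect for all of its users on their next request without touching individual accounts.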
Fig. 2 is a schematic diagram of main blocks of a user right configuration device according to an embodiment of the present invention. As shown in fig. 2, an apparatus 200 for configuring user rights according to an embodiment of the present invention mainly includes a management node setting module 201, an application creating module 202, and a rights configuration module 203.
The management node setting module 201 is configured to set a plurality of management nodes in an ordered level according to a framework of the platform system, and the authority of the management nodes decreases step by step according to the level sequence, and each management node is responsible for configuring the authority for a management node in a next level adjacent to the management node;
an application creation module 202, configured to create, when an application is newly added to the platform system, a management node of the application from a management node with a largest authority level;
and the authority configuration module 203 is configured to obtain the level of the application in the platform system architecture, and sequentially perform authority configuration on the management node of the next level adjacent to the management node by each management node according to the order of the authority levels of the management nodes from large to small until the management node of the application.
According to one embodiment of the present invention, the management node is also responsible for configuring the rights for the users it directly manages.
According to another embodiment of the invention, authority configuration includes the configuration of public rights and the configuration of personalized rights.
According to another embodiment of the present invention, the management node of the application performs the authority configuration by selecting a user and a system role corresponding to the user in the architecture of the platform system, and setting an organization access range to which the selected user belongs.
According to another embodiment of the present invention, the permission configuration module 203 may be further configured to:
for each management node, carrying out identity verification on the management node;
and after the identity verification is passed, generating a corresponding authority data packet according to the authority configuration content, and storing the association relation between the next level of management node adjacent to the management node and the authority data packet.
According to the embodiment of the invention, when a user logs in the platform system and accesses the application, the platform system acquires the authority of the user and carries out authority verification so as to judge whether the user can access the application.
According to another embodiment of the invention, when a user does not log in the platform system and access the application, the platform system prompts the user to log in, and acquires the authority of the user after the login is successful and performs authority verification to judge whether the user can access the application.
According to the technical scheme of the embodiment of the invention, a plurality of management nodes in ordered levels are set up according to the architecture of the platform system, the authority of the management nodes decreases level by level in level order, and each management node is responsible for configuring the authority of the management nodes in its adjacent next level; when an application is newly added to the platform system, a management node for the application is created by the management node with the maximum authority level; the level of the application in the platform system architecture is acquired and, in descending order of authority level, each management node in turn configures the authority of the management node in its adjacent next level, until the management node of the application is reached. In this way the authority of users and of each management node is configured and managed according to the platform system architecture, which facilitates isolation of system data resources and separation of authority between management nodes, and public authority can be distributed directly to each service system, so that authority configuration becomes systematic, process-driven, and automated.
Fig. 3 illustrates an exemplary system architecture 300 of a user right configuration method or a user right configuration device to which an embodiment of the present invention may be applied.
As shown in fig. 3, the system architecture 300 may include terminal devices 301, 302, 303, a network 304, and a server 305. The network 304 serves as a medium for providing communication links between the terminal devices 301, 302, 303 and the server 305. Network 304 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal device 301, 302, 303 to interact with the server 305 via the network 304 to receive or send messages or the like. The terminal devices 301, 302, 303 may have installed thereon various communication client applications, such as shopping-like applications, web browser applications, search-like applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only).
The terminal devices 301, 302, 303 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 305 may be a server providing various services, such as a background management server (for example only) providing support for shopping-like websites browsed by users using the terminal devices 301, 302, 303. The backend management server may analyze and perform other processing on the received data such as the product information query request, and feed back a processing result (for example, target push information, product information — just an example) to the terminal device.
It should be noted that the method for configuring the user right provided by the embodiment of the present invention is generally executed by the server 305, and accordingly, the device for configuring the user right is generally disposed in the server 305.
It should be understood that the number of terminal devices, networks, and servers in fig. 3 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Referring now to FIG. 4, a block diagram of a computer system 400 suitable for use with a terminal device or server implementing an embodiment of the invention is shown. The terminal device or the server shown in fig. 4 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 4, the computer system 400 includes a Central Processing Unit (CPU)401 that can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)402 or a program loaded from a storage section 408 into a Random Access Memory (RAM) 403. In the RAM 403, various programs and data necessary for the operation of the system 400 are also stored. The CPU 401, ROM 402, and RAM 403 are connected to each other via a bus 404. An input/output (I/O) interface 405 is also connected to bus 404.
The following components are connected to the I/O interface 405: an input section 406 including a keyboard, a mouse, and the like; an output section 407 including a display device such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 408 including a hard disk and the like; and a communication section 409 including a network interface card such as a LAN card, a modem, or the like. The communication section 409 performs communication processing via a network such as the internet. A drive 410 is also connected to the I/O interface 405 as needed. A removable medium 411 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 410 as necessary, so that a computer program read out therefrom is installed into the storage section 408 as necessary.
In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 409, and/or installed from the removable medium 411. The computer program performs the above-described functions defined in the system of the present invention when executed by a Central Processing Unit (CPU) 401.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units or modules described in the embodiments of the present invention may be implemented by software, or may be implemented by hardware. The described units or modules may also be provided in a processor, which may be described as: a processor including a management node setting module, an application creation module, and a permission configuration module. The names of these units or modules do not in some cases constitute a limitation on the units or modules themselves; for example, the management node setting module may also be described as a "module for setting a plurality of ordered levels of management nodes according to the architecture of the platform system".
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments, or may exist separately without being incorporated into the apparatus. The computer-readable medium carries one or more programs which, when executed by a device, cause the device to perform the following: setting a plurality of management nodes in ordered levels according to the architecture of the platform system, wherein the authority of the management nodes decreases level by level according to the level sequence, and each management node is responsible for configuring the authority of the management node in the adjacent next level; when an application is newly added to the platform system, creating a management node of the application by the management node with the maximum authority level; and acquiring the level of the application in the platform system architecture, and having each management node, in order of authority level from large to small, configure the authority of the management node in its adjacent next level, until the management node of the application is reached.
According to the technical scheme of the embodiment of the invention, a plurality of management nodes in ordered levels are set according to the architecture of the platform system, the authority of the management nodes decreases level by level according to the level sequence, and each management node is responsible for configuring the authority of the management node in the adjacent next level; when an application is newly added to the platform system, a management node of the application is created by the management node with the maximum authority level; the level of the application in the platform system architecture is acquired, and each management node, in order of authority level from large to small, configures the authority of the management node in its adjacent next level, until the management node of the application is reached. In this way, the authority of users and of each management node is configured and managed according to the platform system architecture, which facilitates the isolation of system data resources and the separation of authority among management nodes; public authority can be distributed directly to each service system, so that authority configuration becomes systematic, process-driven and automated.
The above-described embodiments should not be construed as limiting the scope of the invention. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations, and substitutions may occur depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
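An added example, not part of the patent text: the level-by-level delegation described above, with the identity verification, authority data packet and access check that the claims below recite. The class and method names, the per-node secret used as the credential, and the subset rule that keeps each grant within the configuring node's own authority are assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass(eq=False)
class ManagementNode:
    name: str
    level: int                                   # 1 = maximum authority
    parent: "ManagementNode | None" = None
    # Assumed credential: a per-node secret (the patent does not specify one).
    secret: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    users: dict = field(default_factory=dict)    # user -> frozenset of permissions


class Platform:
    def __init__(self, root_perms):
        self.root = ManagementNode("platform", 1)
        # node name -> "authority data packet" (modelled here as a frozenset)
        self.packets = {self.root.name: frozenset(root_perms)}

    def create_node(self, creator, name, parent):
        # Nodes for a new application are created by the maximum-authority node.
        if creator is not self.root:
            raise PermissionError("only the top-level node may create nodes")
        return ManagementNode(name, parent.level + 1, parent)

    def _verify(self, actor, credential):
        # Identity verification precedes any configuration (claim 5).
        if not hmac.compare_digest(credential, actor.secret):
            raise PermissionError("identity verification failed")

    def configure(self, actor, credential, target, perms):
        self._verify(actor, credential)
        # A node may configure only the adjacent next-level node beneath it.
        if target.parent is not actor or target.level != actor.level + 1:
            raise PermissionError("target is not the adjacent next-level node")
        perms = frozenset(perms)
        # Assumption: authority never grows on the way down (subset check).
        if not perms <= self.packets.get(actor.name, frozenset()):
            raise PermissionError("grant exceeds the configuring node's authority")
        self.packets[target.name] = perms        # store node <-> packet association

    def configure_chain(self, app_node, grants):
        # Configure level by level, from the largest authority down to the app node.
        # Each node acts with its own credential in this simulation.
        chain = []
        node = app_node
        while node.parent is not None:
            chain.append(node)
            node = node.parent
        for target in reversed(chain):
            self.configure(target.parent, target.parent.secret, target, grants[target.name])

    def assign_user(self, node, credential, user, perms):
        # Each node also configures its directly managed users (claim 2).
        self._verify(node, credential)
        perms = frozenset(perms)
        if not perms <= self.packets.get(node.name, frozenset()):
            raise PermissionError("user grant exceeds the node's authority")
        node.users[user] = perms

    def check_access(self, app_node, user, perm, logged_in):
        # Claims 6 and 7: require login, then verify the user's permission.
        if not logged_in:
            return "login_required"
        return "allowed" if perm in app_node.users.get(user, frozenset()) else "denied"
```

The two checks in `configure` are what give the hierarchy its isolation property: a node cannot skip a level, and it cannot hand down authority it does not hold itself.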

Claims (10)

1. A method for configuring user rights, comprising:
setting a plurality of management nodes in ordered levels according to the architecture of the platform system, wherein the authority of the management nodes is gradually decreased step by step according to the level sequence, and each management node is responsible for configuring the authority of the management node in the next level adjacent to the management node;
when an application is newly added to the platform system, a management node of the application is created by a management node with the maximum authority level;
and acquiring the level of the application in the platform system architecture, and sequentially configuring the authority for the management node of the next level adjacent to the management node by each management node according to the order of the authority levels of the management nodes from large to small until the management node of the application is reached.
2. The method of claim 1, wherein each management node is also responsible for configuring permissions for its directly managed users.
3. The method according to claim 1 or 2, wherein the configuration of rights comprises making a configuration of public rights and a configuration of personalized rights.
4. The method according to claim 1 or 2, wherein the management node of the application performs authority configuration by selecting users and system roles corresponding to the users in the architecture of the platform system and setting the access scope of the organization to which the selected users belong.
5. The method of claim 1, wherein the configuring of the authority for the management node of the next level adjacent to each management node by each management node comprises:
for each management node, carrying out identity verification on the management node;
and after the identity verification is passed, generating a corresponding authority data packet according to the authority configuration content, and storing the association relation between the next level of management node adjacent to the management node and the authority data packet.
6. The method of claim 1, wherein when a user logs in the platform system and accesses the application, the platform system obtains the user's right and performs right verification to determine whether the user can access the application.
7. The method of claim 1, wherein when a user does not log in the platform system and access the application, the platform system prompts the user to log in, and obtains the user's right after the login is successful and performs right verification to determine whether the user can access the application.
8. An apparatus for user rights configuration, comprising:
the management node setting module is used for setting a plurality of management nodes in ordered levels according to the architecture of the platform system, the authority of the management nodes is gradually decreased step by step according to the level sequence, and each management node is responsible for carrying out authority configuration on the management node of the next level adjacent to the management node;
the application creation module is used for creating a management node of the application by the management node with the maximum authority level when the platform system is added with an application;
and the authority configuration module is used for acquiring the level of the application in the platform system architecture, and sequentially configuring the authority for the management node of the next level adjacent to the management node by each management node according to the ascending order of the authority level of the management node until the management node of the application is reached.
9. An electronic device for user rights configuration, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-7.
10. A computer-readable medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-7.
CN201911191249.4A 2019-11-28 2019-11-28 Method and device for configuring user permission Active CN111191256B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911191249.4A CN111191256B (en) 2019-11-28 2019-11-28 Method and device for configuring user permission

Publications (2)

Publication Number Publication Date
CN111191256A true CN111191256A (en) 2020-05-22
CN111191256B CN111191256B (en) 2022-06-28

Family

ID=70705812

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911191249.4A Active CN111191256B (en) 2019-11-28 2019-11-28 Method and device for configuring user permission

Country Status (1)

Country Link
CN (1) CN111191256B (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160098548A1 (en) * 2014-10-03 2016-04-07 Wells Fargo Bank, N.A. Setting an authorization level at enrollment
CN105141576A (en) * 2015-06-30 2015-12-09 广州支点网络科技有限公司 Authorization management system and authorization method
CN108322432A (en) * 2017-12-14 2018-07-24 中国科学院信息工程研究所 A kind of mechanism application rights management method and service system based on tree-like tissue model
CN109962805A (en) * 2017-12-26 2019-07-02 中移(杭州)信息技术有限公司 A kind of multi-platform cut-in method and equipment based on Authority and Domain Based Management
CN109981552A (en) * 2017-12-28 2019-07-05 中移(杭州)信息技术有限公司 A kind of authority distributing method and device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113792030A (en) * 2021-09-23 2021-12-14 重庆标能瑞源储能技术研究院有限公司 Equipment virtual structure management method applied to big data platform
CN113792030B (en) * 2021-09-23 2023-11-24 重庆标能瑞源储能技术研究院有限公司 Equipment virtual structure management method applied to big data platform

Also Published As

Publication number Publication date
CN111191256B (en) 2022-06-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant