CN111199028A - Resource information access method and device, computer equipment and storage medium - Google Patents

Resource information access method and device, computer equipment and storage medium Download PDF

Info

Publication number
CN111199028A
CN111199028A CN202010011290.5A CN202010011290A CN111199028A CN 111199028 A CN111199028 A CN 111199028A CN 202010011290 A CN202010011290 A CN 202010011290A CN 111199028 A CN111199028 A CN 111199028A
Authority
CN
China
Prior art keywords
information
access
role
user
resource
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010011290.5A
Other languages
Chinese (zh)
Inventor
曾冰清
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
OneConnect Smart Technology Co Ltd
OneConnect Financial Technology Co Ltd Shanghai
Original Assignee
OneConnect Financial Technology Co Ltd Shanghai
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by OneConnect Financial Technology Co Ltd Shanghai filed Critical OneConnect Financial Technology Co Ltd Shanghai
Priority to CN202010011290.5A priority Critical patent/CN111199028A/en
Publication of CN111199028A publication Critical patent/CN111199028A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a resource information access method, which relates to the technical field of data security, and comprises the following steps: when a resource access instruction is received, inquiring in a preset user role list according to received user information to obtain role information associated with the user information so as to obtain a corresponding first role information list in a summary manner; inquiring a target resource corresponding to the resource access instruction in a preset role resource list to obtain role information associated with the target resource so as to obtain a corresponding second role information list in a summary manner; comparing the first role information list with the second role information list, and determining whether an access user corresponding to the user information has the access authority of the target resource; and when the access user has the access right of the target resource, opening the target resource for the access user to access. The application also provides a resource information access device, a computer device and a storage medium of readable instructions. The resource information access efficiency and the management convenience are realized.

Description

Resource information access method and device, computer equipment and storage medium
Technical Field
The present application relates to the field of data security technologies, and in particular, to a resource information access method, a resource information access apparatus, a computer device, and a storage medium storing computer-readable instructions.
Background
The enterprise-level business system is used by a plurality of users, the system can define a plurality of different roles according to the access authority of the resources, and the resources can be well controlled by granting different user roles to different users according to the requirements.
With the continuous increase of system services, the number of user roles and resource information contained in the system is large, and different user roles can manage and control different resource information. In the existing system, when defining the relationship between the user role and the resource information, the user role is defined by an XML file, and the role is defined as a node of the XML, and a URL interface or page file resource is defined as a child node under the role node, so that one role can only access the resource to which the role belongs. When one user corresponds to multiple roles, the method ensures that the resource access is not convenient and efficient enough, and is also not beneficial to the maintenance and management of the system on the user roles and the resources.
Disclosure of Invention
The application provides a resource information access method, a resource information access device, a computer device and a storage medium, so as to improve resource access efficiency and management convenience.
In a first aspect, the present application provides a method for accessing resource information, where the method includes:
when a resource access instruction is received, inquiring in a preset user role list according to received user information to obtain role information associated with the user information, so as to obtain a corresponding first role information list in a summary manner;
inquiring a target resource corresponding to the resource access instruction in a preset role resource list to obtain role information associated with the target resource so as to obtain a corresponding second role information list in a summary manner;
comparing the first role information list with the second role information list, and determining whether an access user corresponding to the user information has the access authority of the target resource;
and when the access user has the access right of the target resource, opening the target resource for the access user to access.
In a second aspect, the present application further provides a resource information access apparatus, including:
the first acquisition module is used for inquiring in a preset user role list according to received user information to obtain role information associated with the user information when a resource access instruction is received so as to obtain a corresponding first role information list in a summary manner;
the second obtaining module is used for inquiring in a preset role resource list according to a target resource corresponding to the resource access instruction to obtain role information associated with the target resource so as to obtain a corresponding second role information list in a summary manner;
the information comparison module is used for comparing the first role information list with the second role information list and determining whether an access user corresponding to the user information has the access authority of the target resource;
and the resource opening module is used for opening the target resource for the access of the access user when the access user has the access right of the target resource.
In a third aspect, the present application further provides a computer device comprising a memory and a processor; the memory is used for storing a computer program; the processor is configured to execute the computer program and implement the resource information access method as described above when executing the computer program.
In a fourth aspect, the present application also provides a computer-readable storage medium storing a computer program, which when executed by a processor causes the processor to implement the resource information access method as described above.
The application discloses a resource information access method, when a resource access instruction is received, user information input by an access user is received, a first role information list associated with the user information is obtained according to the obtained user information, meanwhile, when the resource access instruction is received, a second role information list corresponding to the target resource information required to be accessed by the resource access instruction is obtained according to the resource access instruction, then the first role information list and the second role information list are compared, and when the access user is determined to be capable of accessing the target resource, the target resource is opened to the access user for access. The method and the device realize convenient and quick integration management of the resource information and improve the resource access efficiency.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a flowchart illustrating a resource information access method according to an embodiment of the present application;
FIG. 2 is a schematic flow chart illustrating a resource information access method according to another embodiment of the present application;
FIG. 3 is a flowchart illustrating the steps of determining whether there is access rights in one embodiment of the present application;
FIG. 4 is a flowchart illustrating the steps of rights granting in one embodiment of the present application;
FIG. 5 is a flowchart illustrating a resource information access method according to another embodiment of the present application;
FIG. 6 is a schematic block diagram of a resource information access device in one embodiment of the present application;
FIG. 7 is a block diagram schematically illustrating a computer device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The flow diagrams depicted in the figures are merely illustrative and do not necessarily include all of the elements and operations/steps, nor do they necessarily have to be performed in the order depicted. For example, some operations/steps may be decomposed, combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
It is to be understood that the terminology used in the description of the present application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in the specification of the present application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should also be understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
The embodiment of the application provides a resource information access method, a resource information access device, computer equipment and a storage medium.
Some embodiments of the present application will be described in detail below with reference to the accompanying drawings. The embodiments described below and the features of the embodiments can be combined with each other without conflict.
Referring to fig. 1, fig. 1 is a schematic flowchart illustrating a resource information access method according to an embodiment of the present application.
Specifically, the resource information access method specifically includes:
and step S10, when a resource access instruction is received, inquiring in a preset user role list according to the received user information to obtain role information associated with the user information, so as to obtain a corresponding first role information list in a summary manner.
Wherein, the first role information list records the corresponding relation between the user and the roles contained in the system accessed currently.
When receiving the input resource access execution, the resource information access device receives the input user information, inquires in a preset user information list according to the received user information to obtain role information corresponding to the user information, and then summarizes the obtained role information to obtain a corresponding first role information list. Specifically, when a resource access instruction is received, an input window displaying login information is fed back on a corresponding display interface for a user to input information, and then when user information input by the user is received, a corresponding first role information list is obtained according to the user information.
In practical application, one system can allow multiple users to use, different roles can be defined by the system according to access authority of resource access, and different roles are granted to different users according to requirements, so that resource information is managed and controlled and accessed.
Different users have a certain corresponding relationship with each role according to the division of different functions of the system, and the corresponding relationship is embodied in that different users correspond to one or more roles, and each role corresponds to one or more different resources.
In an actual operating system, a corresponding relation between user information and role information is prestored, when input user information is received, the corresponding relation list of the prestored user information and the role information is searched according to the user information, the role information associated with the user information is summarized, and a first role information list containing all role information associated with the user information is obtained.
Step S20, querying a preset role resource list according to a target resource corresponding to the resource access instruction to obtain role information associated with the target resource, so as to obtain a corresponding second role information list by summarizing.
And recording the corresponding relation between the role information and the resource information in the second role information list.
When the resource information access device receives the resource access instruction, the resource information access device also queries the role resource list according to the target resource information corresponding to the resource access instruction so as to obtain a second role information list in which the role information associated with the target resource is recorded. Specifically, when the resource information access instruction is obtained, the resource information access instruction corresponds to target resource information that the user wants to access, that is, when the user sends the resource information access instruction through a corresponding operation instruction, the resource information that needs to be accessed is pre-selected, so that when the resource access instruction is received, the corresponding second role information list is obtained in a memory in the system according to the pre-selected target resource information.
The resource information access device records and stores the corresponding relation between the resource information and the role information, when the resource access is needed, because whether a user who accesses the resource has access authority needs to be determined, a second role information list corresponding to the target resource information needs to be acquired from a list which stores the corresponding relation between the resource information and the role information so as to determine whether the user who accesses the resource has the access authority.
Step S30, comparing the first role information list with the second role information list, and determining whether the access user corresponding to the user information has the access right of the target resource.
After a first role information list associated with the user information and a second role information list corresponding to the target resource information are obtained, the first role information list and the second role information list are compared, and whether the access user has the access right to the target resource is determined according to the obtained comparison result.
Specifically, the first role information list records usable role information of the access user, the second role information list records role information with a right to access a target resource, and when information intersection exists between the first role information list and the second role information list, it is indicated that the access user has the right to access the target resource, where the information intersection means that the role information existing in the first role information list also exists in the second role information list, for example, if the first role information list contains a, and the second role information list contains a, it is indicated that the access user can access the target resource.
If the role information recorded in the first role list and the role information recorded in the second role list do not have the same role information, it indicates that the user who wants to access the resource information does not have the access authority to the target resource information.
And step S40, when the access user has the access right of the target resource, opening the target resource for the access user to access.
When the access user is determined to have the access right to the target resource, the resource information access device opens the target resource so that the access user can access the target resource.
The resource information access device compares the first role information list with the second role information list, and when the first role information list and the second role information list have information intersection, namely the access user has access authority, corresponding target resources are opened for the access user, so that the access user can access the target resources.
In the resource information access method, when a resource access instruction is received, user information input by an access user is received, a first role information list associated with the user information is obtained according to the obtained user information, meanwhile, when the resource access instruction is received, a second role information list corresponding to the target resource information required to be accessed by the resource access instruction is obtained according to the resource access instruction, then the first role information list and the second role information list are compared, and when the access user is determined to be capable of accessing the target resource, the target resource is opened to the access user for access. The method and the device realize convenient and quick integration management of the resource information and improve the resource access efficiency.
Further, referring to fig. 2, fig. 2 is a schematic flowchart of a resource information access method in another embodiment of the present application.
Specifically, the method for accessing resource information further includes:
step S01, receiving the uploaded information of the user to be integrated, the information of the role to be integrated, the information of the resource to be integrated and the associated information, wherein the associated information comprises the associated information of the user role and the associated information of the role resource.
Step S02, obtaining a user role list recording the corresponding relation between the information of the user to be integrated and the information of the role to be integrated according to the user role association information.
Step S03, according to the role resource association information, obtaining a role resource list recording the corresponding relation between the role information to be integrated and the resource information to be integrated.
When accessing resource information, it is necessary to acquire role information associated with the resource information, and therefore, in the resource information access device, it is necessary to store in advance a correspondence relationship between a resource and a role, and also to acquire role information associated with user information, and therefore, it is necessary to store in advance a correspondence relationship between a user and a role. Specifically, when the corresponding relationship between the resource and the role is established in advance, the resource information and the role information are integrated to obtain a corresponding resource role list, and when the corresponding relationship between the user and the role is established, the user information and the role information are integrated to obtain a corresponding user role list.
When the relation between the resources and the roles is established, the uploaded information of the roles to be integrated and the information of the resources to be integrated which need to be associated are received, and the information of the roles to be integrated and the information of the resources to be integrated are correspondingly associated according to the input associated information so as to be stored in a relevant memory of the resource information access device.
In practical applications, the role resource relationship table is a resource-role relationship table (resources _ roles) defined in the database, and the relationship table defines a many-to-many relationship between roles and resources.
The relationship table (resources _ roles) of the resource and the role can be shown in the following table 1:
field(s) Type of field Description of field
id varchar(32) Recording the primary key of an id-table
resources_id varchar(32) Resource id-record id of resource table
roles_id varchar(32) Role id-record id of role table
TABLE 1
As shown in table 1 above, esources _ id and roles _ id are derived from the id fields of the resource table (resources) and role table (roles), respectively. Accordingly, the resource table (resources) and role table (roles) can be shown in the following tables 2 and 3, wherein table 2 is the resource table and table 3 is the role table. Specifically, the resource table records uploaded information of the resources to be integrated, and the role table records uploaded information of the roles to be integrated:
Figure BDA0002357239820000071
TABLE 2
Field(s) Type of field Description of field
id varchar(32) Role id-table primary key
resources_name varchar(32) Role names, such as: administrator
TABLE 3
When the corresponding relation between the role information and the resource information is stored in advance, and when the resource needs to be accessed, which roles can be used for accessing the resource to be accessed can be determined. And meanwhile, further judgment and determination are carried out according to the user information corresponding to the user carrying out resource access.
When determining whether the access user has the access right to the target resource, in addition to acquiring the second role information list recording the role information associated with the target resource, the first role information list of the role information associated with the access user needs to be acquired, so that a corresponding user role list needs to be constructed before resource access is performed. The resource information access device records and stores the corresponding relation between the user information and the role information, and the corresponding relation is obtained by the association operation performed by the staff in advance. Different user information is correspondingly associated with one or more different role information, and whether the resource information has access authority or not is determined according to the corresponding relation between the user information and the role information and the corresponding relation between the role information and the resource information when the resource information is accessed.
The user role list (user _ info) obtained in advance can be as shown in table 4 below:
Figure BDA0002357239820000081
TABLE 4
Further, referring to fig. 3, fig. 3 is a schematic flowchart illustrating a step of determining whether there is an access right in an embodiment of the present application.
Specifically, step S30, comparing the first role information list with the second role information list, and determining whether the access user corresponding to the user information has the access right of the target resource corresponding to the resource access instruction, includes:
step S31, reading first role information included in the first role information list, and reading second role information included in the second role information list;
step S32, matching the first role information with the second role information, and determining whether there is a matching item between the first role information and the second role information;
step S33, when there is a matching item between the first role information and the second role information, determining that the access user corresponding to the user information has the access authority of the target resource corresponding to the resource access instruction;
step S34, when there is no matching item between the first role information and the second role information, determining that the access user corresponding to the user information does not have the access right of the target resource corresponding to the resource access instruction.
After the first role information list and the second role information list are obtained, the first role information list and the second role information list are compared to determine whether the user currently performing resource access has the authority of performing resource access. Specifically, when a first role information list and a second role information list are obtained, first role information and second role information respectively contained in the first role information list and the second role information list are read, then the first role information and the second role information are compared, and whether the access authority for accessing the target resource exists is determined according to the obtained comparison result.
In practical applications, a plurality of roles may be assumed by one user in the system, and the first role information list records related information of all roles assumed by the user in the system, so that the number of the first role information may be multiple. Similarly, the number of pieces of second role information recorded in the second role information list in which the role-resource correspondence relationship is recorded may be plural.
After the role information recorded in the first role information list and the second role information list is obtained, the first role information and the second role information are compared. If the first role information and the second role information have a matching item, the corresponding access user has access authority; if the first role information and the second role information do not have the matching item, the corresponding access user does not have the access authority. In practical application, when the role information recorded in the obtained first role information list exists in the second role information list, that is, there is a matching item between the first role information and the second role information, it indicates that the current accessing user can access the target resource.
Specifically, the role information respectively corresponding to the first role information list and the second role information list is read, and then the read role information is matched, that is, whether the same role information exists is determined, for example, A, B, C exists in the role information contained in the first role information list, B, D, E, F exists in the role information contained in the second role information list, since the same role information B exists between the first role information list and the second role information list, it indicates that the access right exists at this time, and if D, E, F exists in the role information contained in the second role information list, it indicates that the access right does not exist at this time, and when it is determined that the access right does not exist, corresponding prompt information is sent to notify the access user that the target resource information does not have the access right.
It should be noted that the above-described steps S33 and S34 are two parallel schemes, that is, step S34 does not exist when step S33 exists, and step S33 does not exist when step S34 exists.
Further, referring to fig. 4, fig. 4 is a flowchart illustrating steps of granting permission in an embodiment of the present application.
Specifically, step S30, when the first role information list is compared with the second role information list, determines whether the access user corresponding to the user information has the access right of the target resource, and then further includes:
and step S50, when receiving the input access request instruction, sending the access request instruction to the authority management terminal associated with the target resource information.
And step S60, determining whether to grant the authority according to the received feedback information sent by the authority management terminal.
And step S70, opening the access authority of the target resource information for the access of the access user when the authority is determined to be granted.
And when determining that the access user currently performing resource access does not have the access right of the target resource information according to the obtained first role information list and the second role information list, determining whether to grant the access user with the right or not according to corresponding operation.
Specifically, when it is determined that the access user currently performing the target resource access does not have the access right, a corresponding access request instruction may be issued according to the user information of the access user, for example, according to the level or the rank of the access user, the access request instruction may be issued when the level or the rank is higher, then the access request instruction may be sent to the authority management terminal associated with the target resource information, so as to determine whether to perform the authority grant according to the feedback information sent by the authority management terminal, and finally, when the authority grant may be performed, the access right of the target resource information is opened to the current access user.
The right management end is a manager for opening the right of the resource, the number of the right management ends associated with one resource information may be one or more, and the number of the right management ends may be set to be one. When the current access user has no access right, the user can send an access request instruction through corresponding operation, or the system device can automatically send the access request instruction, and can acquire related information of a right management end associated with target resource information, and further send the access request instruction to the right management end, when the access request instruction is sent to the right management end, the access request instruction can be sent through a short message, a mail or a system default prompting mode, and the like, and the right management end operates on a corresponding operation interface to send corresponding feedback information, wherein the feedback information comprises one of grant of permission and grant of non-grant of permission.
And after the authority management terminal performs corresponding operation to send feedback information, authority management of the access user is performed according to the information contained in the feedback information, wherein the authority management comprises authority grant and authority non-grant. The target resource will be opened when the authority is granted, and the target resource will not be opened when the authority is not granted.
In addition, when the feedback information sent by the authority management end is that the authority is granted, that is, the current access user can access the resource information of the target resource, at this time, the user role list and the role resource list corresponding to the access user can be updated, and then the access user can directly access when needing to access again.
Similarly, in addition to directly updating the user role list and the role resource list corresponding to the model essay user, resource access time information can be set when the access user is allowed to access the resources, that is, the access user can access the target resources within a certain access time, and the user cannot access the target resources after the set access time is exceeded.
Further, referring to fig. 5, fig. 5 is a schematic flowchart of a resource information access method in another embodiment of the present application.
Specifically, the resource information access method further includes:
step S80, when receiving the user information management instruction, determines whether the management user who has input the user information management instruction has the management authority.
And step S90, when the management user is determined to have the management right, identifying the control information corresponding to the user information management instruction.
And step S100, acquiring the information of the user to be processed.
And step S110, carrying out corresponding processing on the user information to be processed according to the control information.
The resource information access device stores a user role list and a resource role list in advance so as to be inquired and used when resource access is carried out. However, in practical applications, the user role list and the resource role list are not always updated and changed, and may be updated accordingly according to actual needs, including addition and deletion of information. In the management, not all the persons can control, and only a specific person or persons can perform corresponding control management.
When receiving an input user information management instruction, firstly determining whether a management user inputting the user information management instruction has a management authority, then identifying control information corresponding to the received user information management instruction when determining that the acquired management user has the management authority, and finally performing user information management according to the obtained control information. Specifically, when user information management is performed, the received input user information to be processed is further processed correspondingly, including information addition and information deletion.
When user information to be processed is processed according to the control information, if the obtained control information is permission deletion, a user role list corresponding to the user information to be processed is obtained, and permission deletion is carried out according to the input selection information; and if the obtained control information is newly increased in authority, acquiring the role information to be associated and the resource information to be associated so as to establish an association relationship among the user information to be processed, the role information to be associated and the resource information to be associated, and storing the obtained association relationship.
The user role list stores the corresponding relation between the user information and the role information, and the resource role list stores the corresponding relation between the role information and the resource information. When a user information management instruction is received, firstly, the user information to be processed for user information management is determined, and then, the user role list of the user information to be processed is processed according to the actual control information.
When the obtained control information is authority deletion, acquiring a user role list corresponding to the user information to be processed, and then deleting the selected role information to be deleted from the user role list according to actual operation information, namely removing the association relation between the user information to be processed and the deleted role information; and when the obtained control information is newly increased in authority, the user selects the role information to be associated for association, and then establishes the association relationship between the role information to be associated and the user to be processed, and stores the association relationship in the corresponding user role list.
In addition, when the obtained control information is newly added with authority, a resource newly added situation exists, and then for the newly added resource information, an association relationship between the resource information and the existing or newly added role information needs to be established, and meanwhile, an association relationship between the existing role information and the newly added user information and an association relationship between the newly added role information and the existing user information or the newly added user information are also established, and after the association relationship between the terminals is established, the association relationship is stored, that is, information is updated.
Referring to fig. 6, fig. 6 is a schematic block diagram of a resource information access device according to an embodiment of the present application, where the resource information access device is configured to execute the foregoing resource information access method.
As shown in fig. 6, the resource information access device 100 includes: a first information module 101, a second information module 102, an information comparison module 103, and a resource opening module 104.
The first obtaining module 101 is configured to, when a resource access instruction is received, query a preset user role list according to received user information to obtain role information associated with the user information, so as to obtain a corresponding first role information list in a summary manner;
a second obtaining module 102, configured to query, according to a target resource corresponding to the resource access instruction, in a preset role resource list to obtain role information associated with the target resource, so as to obtain a corresponding second role information list through aggregation;
an information comparison module 103, configured to compare the first role information list with the second role information list, and determine whether an access user corresponding to the user information has an access right to the target resource;
a resource opening module 104, configured to open the target resource for the access user to access when the access user has the access right of the target resource.
Specifically, the resource information access apparatus 100 further includes: an information receiving module 105 and an information integrating module 106.
The information receiving module 105 is configured to receive the uploaded to-be-integrated user information, to-be-integrated role information, to-be-integrated resource information, and association information, where the association information includes user role association information and role resource association information.
The information integration module 106 is configured to obtain a user role list recording a corresponding relationship between the to-be-integrated user information and the to-be-integrated role information according to the user role association information; and obtaining a role resource list recording the corresponding relation between the role information to be integrated and the resource information to be integrated according to the role resource association information.
Further, in one embodiment, the information comparison module 103 includes: an information reading unit 1031, a matching judgment unit 1032, and a judgment response unit 1033.
Specifically, the information reading unit 1031 is configured to read first role information included in the first role information list and read second role information included in the second role information list; a matching judgment unit 1032, configured to match the first role information with the second role information, and determine whether there is a matching item between the first role information and the second role information; a judgment response unit 1033, configured to determine that, when there is a matching item between the first role information and the second role information, an access user corresponding to the user information has an access right of a target resource corresponding to the resource access instruction; and when the first role information and the second role information do not have a matching item, determining that the access user corresponding to the user information does not have the access authority of the target resource corresponding to the resource access instruction.
Further, in one embodiment, the resource information access apparatus 100 further includes: an instruction sending module 107 and a receiving and judging module 108.
Specifically, the instruction sending module 107 is configured to, when receiving an input access request instruction, send the received access request instruction to the rights management end associated with the target resource; a receiving and judging module 108, configured to determine whether to grant an authority according to the received feedback information sent by the authority management end; and a resource opening module 104, configured to, when it is determined to grant the right, open the access right of the target resource for the access user to access.
Further, in one embodiment, the resource information access apparatus 100 further includes a rights management module 109, an information identification module 110, an information acquisition module 111, and an instruction response module 112.
Specifically, the authority management module 109 is configured to, when receiving a user information management instruction, determine whether a management user who inputs the user information management instruction has a management authority; an information identification module 110, configured to identify control information corresponding to the user information management instruction when it is determined that the management user has the management right; an information obtaining module 111, configured to obtain information of a user to be processed; and the instruction response module 112 is configured to perform corresponding processing on the to-be-processed user information according to the control information.
Further, in an embodiment, the information obtaining module 111 is further specifically configured to: if the control information is an authority deleting instruction, acquiring a user role list corresponding to the to-be-processed user information, and deleting the authority according to the input selection information; and if the control information is an authority addition instruction, acquiring role information to be associated and resource information to be associated so as to establish an association relationship between the user information to be processed and the role information to be associated and/or the resource information to be associated and store the association relationship.
Further, in an embodiment, the resource open access module 104 is further specifically configured to: and acquiring a resource storage path corresponding to the target resource so that the access user can access the target resource according to the resource storage path.
It should be noted that, as will be clear to those skilled in the art, for convenience and brevity of description, the specific working processes of the apparatus and the modules described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The apparatus described above may be implemented in the form of a computer program which is executable on a computer device as shown in fig. 7.
Referring to fig. 7, fig. 7 is a schematic block diagram of a computer device according to an embodiment of the present application. The computer device may be a server.
Referring to fig. 7, the computer device includes a processor, a memory, and a network interface connected through a system bus, wherein the memory may include a nonvolatile storage medium and an internal memory.
The non-volatile storage medium may store an operating system and a computer program. The computer program includes program instructions that, when executed, cause a processor to perform any one of the resource information access methods.
The processor is used for providing calculation and control capability and supporting the operation of the whole computer equipment.
The internal memory provides an environment for running a computer program in the non-volatile storage medium, which when executed by the processor causes the processor to perform any one of the resource information access methods.
The network interface is used for network communication, such as sending assigned tasks and the like. Those skilled in the art will appreciate that the architecture shown in fig. 7 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
It should be understood that the Processor may be a Central Processing Unit (CPU), and the Processor may be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, etc. Wherein a general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
Wherein, in one embodiment, the processor is configured to execute a computer program stored in the memory to implement the steps of:
when a resource access instruction is received, inquiring in a preset user role list according to received user information to obtain role information associated with the user information, so as to obtain a corresponding first role information list in a summary manner; inquiring a target resource corresponding to the resource access instruction in a preset role resource list to obtain role information associated with the target resource so as to obtain a corresponding second role information list in a summary manner; comparing the first role information list with the second role information list, and determining whether an access user corresponding to the user information has the access authority of the target resource; and when the access user has the access right of the target resource, opening the target resource for the access user to access.
In one embodiment, when implementing the resource information access method, the processor is further configured to implement:
receiving uploaded to-be-integrated user information, to-be-integrated role information, to-be-integrated resource information and associated information, wherein the associated information comprises user role associated information and role resource associated information; obtaining a user role list recording the corresponding relation between the user information to be integrated and the role information to be integrated according to the user role association information; and obtaining a role resource list recording the corresponding relation between the role information to be integrated and the resource information to be integrated according to the role resource association information.
In one embodiment, when the comparing the first role information list with the second role information list is implemented to determine whether the access user corresponding to the user information has the access right of the target resource corresponding to the resource access instruction, the processor is further configured to implement:
reading first role information contained in the first role information list and reading second role information contained in the second role information list; matching the first role information with the second role information, and determining whether a matching item exists between the first role information and the second role information; when the first role information and the second role information have a matching item, determining that an access user corresponding to the user information has an access authority of a target resource corresponding to the resource access instruction; and when the first role information and the second role information do not have a matching item, determining that the access user corresponding to the user information does not have the access authority of the target resource corresponding to the resource access instruction.
In one embodiment, after the comparing the first role information list with the second role information list and determining whether the access user corresponding to the user information has the access right of the target resource, the processor is further configured to:
when receiving an input access request instruction, sending the received access request instruction to an authority management terminal associated with a target resource; determining whether to grant the authority or not according to the received feedback information sent by the authority management terminal; and opening the access authority of the target resource for the access of the access user when the authority is determined to be granted.
In one embodiment, the processor, when implementing the resource information access, is further configured to implement:
when a user information management instruction is received, determining whether a management user who inputs the user information management instruction has a management authority; when the management user is determined to have the management right, identifying control information corresponding to the user information management instruction; acquiring user information to be processed; and correspondingly processing the user information to be processed according to the control information.
In an embodiment, when the processor implements the corresponding processing on the to-be-processed user information according to the control information, the processor is further configured to implement:
if the control information is an authority deleting instruction, acquiring a user role list corresponding to the to-be-processed user information, and deleting the authority according to the input selection information; and if the control information is an authority addition instruction, acquiring role information to be associated and resource information to be associated so as to establish an association relation between the user information to be processed and the role information to be associated and/or the resource information to be associated and store the association relation.
In one embodiment, the processor, when implementing the opening of the target resource for access by the accessing user, is further configured to implement:
and acquiring a resource storage path corresponding to the target resource so that the access user can access the target resource according to the resource storage path.
The embodiment of the application further provides a computer-readable storage medium, wherein a computer program is stored in the computer-readable storage medium, the computer program comprises program instructions, and the processor executes the program instructions to implement any resource information access method provided by the embodiment of the application.
The computer-readable storage medium may be an internal storage unit of the computer device described in the foregoing embodiment, for example, a hard disk or a memory of the computer device. The computer readable storage medium may also be an external storage device of the computer device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like provided on the computer device.
While the invention has been described with reference to specific embodiments, the scope of the invention is not limited thereto, and those skilled in the art can easily conceive various equivalent modifications or substitutions within the technical scope of the invention. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A resource information access method is characterized by comprising the following steps:
when a resource access instruction is received, inquiring in a preset user role list according to received user information to obtain role information associated with the user information, so as to obtain a corresponding first role information list in a summary manner;
inquiring a target resource corresponding to the resource access instruction in a preset role resource list to obtain role information associated with the target resource so as to obtain a corresponding second role information list in a summary manner;
comparing the first role information list with the second role information list, and determining whether an access user corresponding to the user information has the access authority of the target resource;
and when the access user has the access right of the target resource, opening the target resource for the access user to access.
2. The method of claim 1, further comprising:
receiving uploaded to-be-integrated user information, to-be-integrated role information, to-be-integrated resource information and associated information, wherein the associated information comprises user role associated information and role resource associated information;
obtaining a user role list recording the corresponding relation between the user information to be integrated and the role information to be integrated according to the user role association information;
and obtaining a role resource list recording the corresponding relation between the role information to be integrated and the resource information to be integrated according to the role resource association information.
3. The method for accessing resource information according to claim 1, wherein the comparing the first role information list with the second role information list to determine whether the access user corresponding to the user information has the access right of the target resource corresponding to the resource access instruction includes:
reading first role information contained in the first role information list and reading second role information contained in the second role information list;
matching the first role information with the second role information, and determining whether a matching item exists between the first role information and the second role information;
when the first role information and the second role information have a matching item, determining that an access user corresponding to the user information has an access authority of a target resource corresponding to the resource access instruction;
and when the first role information and the second role information do not have a matching item, determining that the access user corresponding to the user information does not have the access authority of the target resource corresponding to the resource access instruction.
4. The method according to claim 1, wherein after comparing the first role information list with the second role information list and determining whether the access user corresponding to the user information has the access right to the target resource, the method further comprises:
when receiving an input access request instruction, sending the received access request instruction to an authority management terminal associated with a target resource;
determining whether to grant the authority or not according to the received feedback information sent by the authority management terminal;
and opening the access authority of the target resource for the access of the access user when the authority is determined to be granted.
5. The method of any of claims 1 to 4, wherein the method further comprises:
when a user information management instruction is received, determining whether a management user who inputs the user information management instruction has a management authority;
when the management user is determined to have the management right, identifying control information corresponding to the user information management instruction;
acquiring user information to be processed;
and correspondingly processing the user information to be processed according to the control information.
6. The method according to claim 5, wherein said performing corresponding processing on the user information to be processed according to the control information includes:
if the control information is an authority deleting instruction, acquiring a user role list corresponding to the to-be-processed user information, and deleting the authority according to the input selection information;
and if the control information is an authority addition instruction, acquiring role information to be associated and resource information to be associated so as to establish an association relation between the user information to be processed and the role information to be associated and/or the resource information to be associated and store the association relation.
7. The method according to claim 5, wherein said opening the target resource for the accessing of the accessing user comprises:
and acquiring a resource storage path corresponding to the target resource so that the access user can access the target resource according to the resource storage path.
8. A resource information access apparatus, characterized in that the resource information access apparatus comprises:
the first acquisition module is used for inquiring in a preset user role list according to received user information to obtain role information associated with the user information when a resource access instruction is received so as to obtain a corresponding first role information list in a summary manner;
the second obtaining module is used for inquiring in a preset role resource list according to a target resource corresponding to the resource access instruction to obtain role information associated with the target resource so as to obtain a corresponding second role information list in a summary manner;
the information comparison module is used for comparing the first role information list with the second role information list and determining whether an access user corresponding to the user information has the access authority of the target resource;
and the resource opening module is used for opening the target resource for the access of the access user when the access user has the access right of the target resource.
9. A computer device comprising a memory and a processor, the memory having stored therein computer-readable instructions which, when executed by the processor, cause the processor to perform the steps of the resource information access method of any one of claims 1 to 7.
10. A computer-readable storage medium storing a computer program, wherein the computer-readable instructions, when executed by the processors, cause one or more processors to perform the steps of the resource information access method of any one of claims 1 to 7.
CN202010011290.5A 2020-01-06 2020-01-06 Resource information access method and device, computer equipment and storage medium Pending CN111199028A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010011290.5A CN111199028A (en) 2020-01-06 2020-01-06 Resource information access method and device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010011290.5A CN111199028A (en) 2020-01-06 2020-01-06 Resource information access method and device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN111199028A true CN111199028A (en) 2020-05-26

Family

ID=70746843

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010011290.5A Pending CN111199028A (en) 2020-01-06 2020-01-06 Resource information access method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111199028A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112202823A (en) * 2020-12-07 2021-01-08 杭州筋斗腾云科技有限公司 Network resource access system and method, user portal and resource portal
CN112835870A (en) * 2021-01-28 2021-05-25 山东浪潮通软信息科技有限公司 Content caching method and system based on user permission
CN112883390A (en) * 2021-02-18 2021-06-01 腾讯科技(深圳)有限公司 Authority control method and device and storage medium
CN112906028A (en) * 2021-03-04 2021-06-04 广州虎牙科技有限公司 Access control method, device, electronic equipment and computer readable storage medium
CN113792270A (en) * 2021-09-29 2021-12-14 北京字跳网络技术有限公司 Authority resource configuration method and device, storage medium and electronic equipment

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112202823A (en) * 2020-12-07 2021-01-08 杭州筋斗腾云科技有限公司 Network resource access system and method, user portal and resource portal
CN112835870A (en) * 2021-01-28 2021-05-25 山东浪潮通软信息科技有限公司 Content caching method and system based on user permission
CN112835870B (en) * 2021-01-28 2023-01-24 浪潮通用软件有限公司 Content caching method and system based on user permission
CN112883390A (en) * 2021-02-18 2021-06-01 腾讯科技(深圳)有限公司 Authority control method and device and storage medium
CN112883390B (en) * 2021-02-18 2022-04-22 腾讯科技(深圳)有限公司 Authority control method and device and storage medium
CN112906028A (en) * 2021-03-04 2021-06-04 广州虎牙科技有限公司 Access control method, device, electronic equipment and computer readable storage medium
CN113792270A (en) * 2021-09-29 2021-12-14 北京字跳网络技术有限公司 Authority resource configuration method and device, storage medium and electronic equipment

Similar Documents

Publication Publication Date Title
CN111199028A (en) Resource information access method and device, computer equipment and storage medium
US7797453B2 (en) Resource standardization in an off-premise environment
US9864868B2 (en) Method and apparatus for process enforced configuration management
CN107798038B (en) Data response method and data response equipment
US9727577B2 (en) System and method to store third-party metadata in a cloud storage system
TWI364677B (en) Method, system, and apparatus for discovering and connecting to data sources
US8572023B2 (en) Data services framework workflow processing
CN109889517B (en) Data processing method, permission data set creating device and electronic equipment
EP2178033A1 (en) Populating a multi-relational enterprise social network with disparate source data
US9355270B2 (en) Security configuration systems and methods for portal users in a multi-tenant database environment
CN110162994A (en) Authority control method, system, electronic equipment and computer readable storage medium
CN110225039A (en) Authority models acquisition, method for authenticating, gateway, server and storage medium
US11151088B2 (en) Systems and methods for verifying performance of a modification request in a database system
US11475064B2 (en) System and method in a database system for creating a field service work order
WO2019227572A1 (en) Association topological graph-based collaborative office processing method and apparatus, device, and medium
CN114493901A (en) Data access application processing method and device, computer equipment and storage medium
JP2003108440A (en) Data disclosing method, data disclosing program, and data disclosing device
CN117499124A (en) Access control method and device
CN115543428A (en) Simulated data generation method and device based on strategy template
US9542457B1 (en) Methods for displaying object history information
CN113742369B (en) Data authority management method, system and storage medium
CN109241727A (en) Authority setting method and device
CN114065254A (en) Data processing method, device, electronic equipment, medium and product
CN115185973A (en) Data resource sharing method, platform, device and storage medium
CN111563250A (en) Authority management method, device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination