CN111274561A - Identity management method, device, equipment and storage medium - Google Patents
Identity management method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN111274561A CN111274561A CN202010128324.9A CN202010128324A CN111274561A CN 111274561 A CN111274561 A CN 111274561A CN 202010128324 A CN202010128324 A CN 202010128324A CN 111274561 A CN111274561 A CN 111274561A
- Authority
- CN
- China
- Prior art keywords
- terminal
- identity management
- information
- employee
- modification request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses an identity management method, an identity management device, identity management equipment and a storage medium. The method is applied to an identity management system, the identity management system forwards an authority modification request sent by an employee to a key user, the key user generates request information according to the authority modification request, the identity management system forwards the request information sent by the key user to an approval user, when the approval result sent by the approval user is approved, the request information is sent to a target subsystem, and the target subsystem is used for modifying the authority according to the request information. The embodiment of the invention uniformly manages the users of each subsystem through the identity management system, avoids different authorization modes of different systems, reduces the enterprise management cost and improves the management efficiency.
Description
Technical Field
Embodiments of the present invention relate to computer technologies, and in particular, to an identity management method, apparatus, device, and storage medium.
Background
With the gradual deepening of enterprise information construction, the environment for enterprise information management is more and more complex. In order to meet the requirements of different business departments and different function management in the departments, various management systems are established, in the management systems, the personnel identity information is stored in a local directory and a database, and the databases of the management systems are different from each other, so that a large amount of isolated and dispersed identity information and authority management modes can be generated, and the burden and high cost of enterprise information management are increased. Because these systems are operated separately and hermetically, information in each information management system of an enterprise is often inconsistent, and effective management of enterprise information cannot be realized.
Disclosure of Invention
The invention provides an identity management method, an identity management device, identity management equipment and a storage medium, which are used for avoiding different authorization modes of different systems, reducing enterprise management cost and improving management efficiency.
In a first aspect, an embodiment of the present invention provides an identity management method, which is applied to an identity management system, and includes:
the method comprises the steps that an authority modification request sent by a first terminal is forwarded to a second terminal, wherein the first terminal is a terminal used by an employee, and the second terminal is a terminal used by a key user;
forwarding request information generated by the second terminal based on the permission modification request to a third terminal, wherein the third terminal is a terminal used by an approval user;
and when the approval result sent by the third terminal is determined to be approved, sending the request information to a target subsystem, wherein the target subsystem is used for modifying the authority according to the request information.
Optionally, the permission modification request includes identification information used for characterizing a target subsystem, and the request information generated by the second terminal based on the permission modification request is forwarded to a third terminal, where the permission modification request includes:
determining a target subsystem according to the identification information;
and sending the request information to a third terminal corresponding to the target subsystem.
Optionally, the identity management method further includes:
and when the approval result is that the approval is not passed, sending prompt information to the first terminal and the second terminal.
Optionally, the identity management method further includes:
forwarding the password modification request sent by the first terminal to the second terminal;
and sending the new password sent by the second terminal to a target subsystem, wherein the target subsystem is used for modifying the password of the employee into the new password.
Optionally, before forwarding the permission modification request sent by the first terminal to the second terminal, the method further includes:
acquiring an organization architecture of a personnel system and basic information of staff;
determining key users and approval users based on the organizational structure;
and acquiring the authority of the staff of each subsystem.
Optionally, the permission modification request includes identity information of the employee, and the permission modification request sent by the first terminal is forwarded to the second terminal, including:
determining identity information of the employee;
and when the identity information of the employee is matched with the authority to be added in the authority modification request, forwarding the authority modification request to a second terminal.
Optionally, after obtaining the basic information of the organization architecture and the staff of the personnel system, the method further includes:
determining the entry date of the employee, wherein the basic information of the employee comprises the entry date;
acquiring an update record of the all-purpose card system;
and sending an updating instruction to the all-purpose card system according to the employee enrollment date and the updating record of the all-purpose card system, wherein the all-purpose card system is used for updating according to the updating instruction.
In a second aspect, an embodiment of the present invention further provides an identity management apparatus, which is applied to an identity management system, and the apparatus includes:
the system comprises a modification request forwarding module, a first terminal and a second terminal, wherein the modification request forwarding module is used for forwarding an authority modification request sent by the first terminal to the second terminal, the first terminal is used by an employee, and the second terminal is used by a key user;
the request information forwarding module is used for forwarding the request information generated by the second terminal based on the permission modification request to a third terminal, and the third terminal is a terminal used by an approval user;
and the request information sending module is used for sending the request information to a target subsystem when the approval result sent by the third terminal is determined to be approved, and the target subsystem is used for modifying the authority according to the request information.
In a third aspect, an embodiment of the present invention further provides a computer device, including:
one or more processors;
storage means for storing one or more programs;
when executed by the one or more processors, cause the one or more processors to implement the identity management method as provided in the first aspect of the invention.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the identity management method according to the first aspect of the present invention.
The identity management method provided by the embodiment of the invention is applied to an identity management system, the identity management system forwards the permission modification request sent by an employee to a key user, the key user generates request information according to the permission modification request, the identity management system forwards the request information sent by the key user to an approval user, when the approval result sent by the approval user is approved, the request information is sent to a target subsystem, and the target subsystem is used for carrying out permission modification according to the request information. The embodiment of the invention uniformly manages the users of each subsystem through the identity management system, avoids different authorization modes of different systems, reduces the enterprise management cost and improves the management efficiency.
Drawings
Fig. 1 is a flowchart of an identity management method according to an embodiment of the present invention;
fig. 2 is a flowchart of an identity management method according to a second embodiment of the present invention;
fig. 3 is a schematic structural diagram of an identity management apparatus according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a computer device according to a fourth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
The embodiment of the invention provides an identity management method, which is applied to an identity management system (IDM), can be suitable for identity and authority management of various management systems of medium-sized and large-sized enterprises, and can be executed by an identity management device provided by the invention, wherein the identity management device can be realized in a software and/or hardware mode and is integrated in computer equipment.
The identity management system is a comprehensive management system, solves the user management problem of each independent system of a company, ensures the consistency and the real-time performance of user data information among systems, can be connected with each subsystem, and manages the continuously changing life cycle of employees from job entry to job leaving, such as: the user enters jobs to uniformly create a system account, endow system authority, authority modification, automatic deletion of the job leaving authority and automatic locking of the account.
Fig. 1 is a flowchart of an identity management method according to an embodiment of the present invention, and as shown in fig. 1, the method specifically includes the following steps:
s101, the permission modification request sent by the first terminal is forwarded to the second terminal.
Illustratively, the first terminal is a terminal used by an employee, and the second terminal is a terminal used by a key user. The terminal in the embodiment of the present invention is a terminal device located at the outermost periphery of a network in a computer network, and is mainly used for inputting user information and outputting processing results, and may include a computer, a smart phone, a tablet computer, and the like. The employee may be a common employee, and the key user may be a superior of the common employee, for example, a middle-level manager of each department.
Each terminal is configured with operating software associated with the identity management system, and an employee uses an account and a login password of the employee in the identity management system to log in at the first terminal and send an authority modification request to the identity management system, wherein the authority modification request comprises identification information used for representing a target subsystem and authority information to be modified. For example, when an employee wants to apply for quality management authority of an SAP (System Applications and Products, enterprise management solution) subsystem, an authority modification request including identification information "SAP" for characterizing an SAP System and authority information "QM" to be modified may be sent to an identity management System through a first terminal.
And the identity management system forwards the permission modification request to a second terminal of the key user and informs the key user in the modes of instant information, mails and the like.
And S102, forwarding the request information generated by the second terminal based on the permission modification request to a third terminal.
Illustratively, the key user logs in by using the account number and the login secret of the key user in the identity management system, performs preliminary examination on the permission modification request, generates request information through the second terminal when the permission modification request is determined to meet the requirement, and forwards the request information to the third terminal, wherein the third terminal is a terminal used by the approval user. Illustratively, the approval user may be a department leader.
Specifically, the request information is generated based on the permission modification request, and includes identification information for characterizing the target subsystem and permission information to be modified. Step S102, forwarding the request information generated by the second terminal based on the permission modification request to the third terminal, comprising the following steps:
and S1021, determining a target subsystem according to the identification information.
Illustratively, each subsystem has unique identification information, for example, the identification information for characterizing the SAP subsystem is "SAP", and the identity management system can determine the target subsystem through the identification information.
And S1022, sending the request information to a third terminal corresponding to the target subsystem.
Illustratively, each subsystem has a corresponding approval user, and after determining the target subsystem, the identity management system sends the request information to a third terminal of the approval user corresponding to the target subsystem.
And S103, when the approval result sent by the third terminal is determined to be approved, sending the request information to the target subsystem.
Illustratively, the third terminal parses the request message and determines the right to be modified. And the approval user logs in the account and the login secret of the approval user in the identity management system, verifies the authority to be modified, and sends an approval result of approval to the identity management system through the third terminal when the employee is determined to be qualified in authorization.
And when the identity management system determines that the approval result is approved, the identity management system sends the request information to the target subsystem and informs the key users and the applied staff in the modes of instant information, mails and the like.
And the target subsystem is used for modifying the authority according to the authority to be modified in the request information, such as adding or deleting the authority.
Illustratively, when the employee is determined not to be qualified for authorization, the approval result that the approval fails is sent to the identity management system through the third terminal. And when the identity management system determines that the approval result is that the approval is not passed, the identity management system sends prompt information to the first terminal and the second terminal to inform the staff and the key user that the approval is not passed.
The identity management method provided by the embodiment of the invention is applied to an identity management system, the identity management system forwards the permission modification request sent by an employee to a key user, the key user generates request information according to the permission modification request, the identity management system forwards the request information sent by the key user to an approval user, when the approval result sent by the approval user is approved, the request information is sent to a target subsystem, and the target subsystem is used for carrying out permission modification according to the request information. The embodiment of the invention uniformly manages the users of each subsystem through the identity management system, avoids different authorization modes of different systems, reduces the enterprise management cost and improves the management efficiency.
Illustratively, on the basis of the foregoing embodiment, the identity management method further includes:
and forwarding the password modification request sent by the first terminal to the second terminal.
And sending the new password sent by the second terminal to a target subsystem, wherein the target subsystem is used for modifying the password of the employee into the new password.
For example, when the employee forgets the login password of the employee in a certain subsystem, the employee can log in on the first terminal by using the account number and the login password of the employee in the identity management system, and send a password modification request to the identity management system, wherein the permission modification request comprises identification information for characterizing the target subsystem. And the identity management system determines the target subsystem according to the representation information and forwards the password modification request to the second terminal.
And after receiving the password modification request, the key user sends the new password to the identity management system through the second terminal. And the identity management system sends the new password sent by the second terminal to the target subsystem and informs the staff of the new password in the modes of instant information, mails and the like. The target subsystem is used for modifying the password of the employee into a new password.
Example two
An embodiment of the present invention provides another identity management method, which is detailed on the basis of the embodiment one, and fig. 2 is a flowchart of the identity management method provided by the embodiment two, as shown in fig. 2, the method includes:
s201, acquiring basic information of organization architecture and staff of the personnel system.
For example, an administrator of the identity management system configures and connects each subsystem, and after connecting with the personnel system, obtains the organization architecture of the personnel system and the basic information of the staff.
An organization architecture (organization Structure) refers to an overall Structure of an organization, and is the most basic structural basis for enterprise flow operation, department setting, functional planning, and the like.
The basic information of the employee includes identity information (such as a job number or an identification number) of the employee, and the position where the employee is located in the organizational framework.
Illustratively, the basic information of the employee includes an enrollment date, and after acquiring the organization architecture of the personnel system and the basic information of the employee, the method further includes:
determining the date of employee enrollment.
And acquiring the update record of the one-card system, and determining the date of the latest update of the one-card system.
And sending an updating instruction to the all-purpose card system according to the employee enrollment date and the updating record of the all-purpose card system, wherein the all-purpose card system is used for updating according to the updating instruction and inputting the basic information of the employee into the all-purpose card system. Specifically, when the employee's attendance date is after the latest update date of the all-purpose card system, an update instruction is sent to the all-purpose card system, the all-purpose card system is updated, and the basic information of the employee is input into the all-purpose card system; when the working dates of all the employees are before the date of the latest update of the one-card system, the fact that the basic information of all the employees is recorded into the one-card system is indicated, and the one-card system does not need to be updated.
S202, determining key users and approval users based on the organization architecture.
Key users and approval users are determined based on positions in the organizational structure. For example, the key user may be a superior level of the general employee, such as a middle-level manager of each department, and the approval user may be a department leader.
And S203, acquiring the authority of the staff of each subsystem.
In each subsystem, each employee has a corresponding authority, and after the identity management system acquires the organization architecture of the personnel system and the basic information of the employee, the authority of each employee in each subsystem is further acquired.
And S204, forwarding the permission modification request sent by the first terminal to the second terminal.
Illustratively, on the basis of the foregoing embodiment, in this embodiment, the authority modification request includes identity information (for example, a job number) of the employee, and the identity management system determines the identity information of the employee after receiving the authority modification request sent by the first terminal, and determines whether the identity information of the employee matches the authority to be added in the authority modification request, or whether the identity information of the employee qualifies as the authority to be added.
And when the identity information of the employee is matched with the authority to be added in the authority modification request, forwarding the authority modification request to the second terminal.
When the identity information of the employee is not matched with the authority to be added in the authority modification request, the employee is informed of the refusal of the authority modification request through instant messages, mails and the like.
S205, forwarding the request information generated by the second terminal based on the permission modification request to the third terminal.
And S206, when the approval result sent by the third terminal is determined to be approved, sending the request information to the target subsystem.
The identity management method provided by the embodiment of the invention is applied to an identity management system, the identity management system forwards the permission modification request sent by an employee to a key user, the key user generates request information according to the permission modification request, the identity management system forwards the request information sent by the key user to an approval user, when the approval result sent by the approval user is approved, the request information is sent to a target subsystem, and the target subsystem is used for carrying out permission modification according to the request information. The embodiment of the invention uniformly manages the users of each subsystem through the identity management system, avoids different authorization modes of different systems, reduces the enterprise management cost and improves the management efficiency.
EXAMPLE III
A third embodiment of the present invention provides an identity management device, which is applied to an identity management system, and fig. 3 is a schematic structural diagram of the identity management device provided in the third embodiment of the present invention, as shown in fig. 3, the identity management device includes:
a modification request forwarding module 301, configured to forward an authority modification request sent by a first terminal to a second terminal, where the first terminal is a terminal used by an employee, and the second terminal is a terminal used by a key user;
a request information forwarding module 302, configured to forward request information generated by the second terminal based on the permission modification request to a third terminal, where the third terminal is a terminal used by an approval user;
a request information sending module 303, configured to send the request information to a target subsystem when it is determined that the approval result sent by the third terminal passes the approval, where the target subsystem is configured to modify the permission according to the request information.
In some embodiments of the present invention, the permission modification request includes identification information for characterizing a target subsystem, and the request information forwarding module 302 includes:
the target subsystem determining unit is used for determining a target subsystem according to the identification information;
and the request information sending unit is used for sending the request information to a third terminal corresponding to the target subsystem.
In some embodiments of the invention, the apparatus further comprises:
and the prompt information sending module is used for sending prompt information to the first terminal and the second terminal when the approval result is that the approval is not passed.
In some embodiments of the invention, the apparatus further comprises:
and a password modification request forwarding module. The password modification request is used for forwarding the password modification request sent by the first terminal to the second terminal;
and the password sending module is used for sending the new password sent by the second terminal to a target subsystem, and the target subsystem is used for modifying the password of the employee into the new password.
In some embodiments of the invention, the apparatus further comprises:
the personnel information acquisition module is used for acquiring the organization architecture of the personnel system and the basic information of the staff before forwarding the authority modification request sent by the first terminal to the second terminal;
the user determination module is used for determining key users and approval users based on the organization architecture;
and the authority acquisition module is used for acquiring the authority of the staff of each subsystem.
In some embodiments of the present invention, the permission modification request includes identity information of an employee, and the modification request forwarding module 301 may include:
the identity information determining unit is used for determining the identity information of the employee;
and the modification request sending unit is used for forwarding the authority modification request to the second terminal when the identity information of the employee is matched with the authority to be added in the authority modification request.
In some embodiments of the invention, the apparatus further comprises:
the system comprises an attendance date determining module, a time determining module and a time determining module, wherein the attendance date determining module is used for determining the attendance date of the employee, and the basic information of the employee comprises the attendance date;
the updating record obtaining module is used for obtaining the updating record of the all-purpose card system;
and the updating instruction sending module is used for sending an updating instruction to the all-purpose card system according to the employee enrollment date and the updating record of the all-purpose card system, and the all-purpose card system is used for updating according to the updating instruction.
The identity management device provided by the embodiment of the invention is applied to an identity management system, the modification request forwarding module forwards the permission modification request sent by an employee to a key user, the key user generates request information according to the permission modification request, the request information forwarding module forwards the request information sent by the key user to an examining and approving user, when the examining and approving result sent by the examining and approving user is determined to be that the examining and approving is passed, the request information sending module sends the request information to a target subsystem, and the target subsystem is used for modifying the permission according to the request information. The embodiment of the invention uniformly manages the users of each subsystem through the identity management system, avoids different authorization modes of different systems, reduces the enterprise management cost and improves the management efficiency.
Example four
An embodiment of the present invention further provides a computer device, and fig. 4 is a schematic structural diagram of a computer device provided in a fourth embodiment of the present invention, as shown in fig. 4, the computer device includes: a processor 401, a memory 402, a communication module 403, an input device 404, and an output device 405; the number of the processors 401 in the computer device may be one or more, and one processor 401 is taken as an example in fig. 4; the processor 401, the memory 402, the communication module 403, the input device 404 and the output device 405 in the computer apparatus may be connected by a bus or other means, and fig. 4 illustrates an example of connection by a bus. The processor 401, the memory 402, the communication module 403, the input device 404 and the output device 405 may be integrated on a control board of the computer apparatus.
The memory 402 is a computer-readable storage medium, and can be used for storing software programs, computer-executable programs, and modules, such as the modules corresponding to the identity management methods in the above embodiments (for example, the modification request forwarding module 301, the request information forwarding module 302, and the request information sending module 303 in an identity management apparatus). The processor 401 executes various functional applications and data processing of the computer device by executing software programs, instructions and modules stored in the memory 402, namely, implements the identity management method described above.
The memory 402 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of the computer device, and the like. Further, the memory 402 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, the memory 402 may further include memory located remotely from the processor 401, which may be connected to an electronic device through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
And a communication module 403, configured to establish a connection with an external device (e.g., an intelligent terminal), and implement data interaction with the external device. The input device 404 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function controls of the computer apparatus.
The computer device provided by the embodiment can execute the identity management method provided by the first embodiment and the second embodiment of the invention, and has corresponding functions and beneficial effects.
EXAMPLE five
An embodiment of the present invention provides a storage medium containing computer-executable instructions, where a computer program is stored on the storage medium, and when the computer program is executed by a processor, the identity management method provided in the embodiment of the present invention is implemented, where the method includes:
the method comprises the steps that an authority modification request sent by a first terminal is forwarded to a second terminal, wherein the first terminal is a terminal used by an employee, and the second terminal is a terminal used by a key user;
forwarding request information generated by the second terminal based on the permission modification request to a third terminal, wherein the third terminal is a terminal used by an approval user;
and when the approval result sent by the third terminal is determined to be approved, sending the request information to a target subsystem, wherein the target subsystem is used for modifying the authority according to the request information.
Of course, the storage medium provided by the embodiment of the present invention contains computer-executable instructions, and the computer-executable instructions are not limited to the method operations described above, and may also perform related operations in the identity management method provided by the embodiment of the present invention.
It should be noted that, as for the apparatus, the computer device and the storage medium embodiment, since they are basically similar to the method embodiment, the description is relatively simple, and in relation to the description, reference may be made to part of the description of the method embodiment.
From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly, can also be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, and the computer software product may be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions to enable a computer device (which may be a robot, a personal computer, a server, or a network device) to execute the identity management method according to any embodiment of the present invention.
It should be noted that, in the above apparatus, each unit and each module included in the apparatus are merely divided according to functional logic, but are not limited to the above division as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by suitable instruction execution devices. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.
Claims (10)
1. An identity management method is applied to an identity management system and comprises the following steps:
the method comprises the steps that an authority modification request sent by a first terminal is forwarded to a second terminal, wherein the first terminal is a terminal used by an employee, and the second terminal is a terminal used by a key user;
forwarding request information generated by the second terminal based on the permission modification request to a third terminal, wherein the third terminal is a terminal used by an approval user;
and when the approval result sent by the third terminal is determined to be approved, sending the request information to a target subsystem, wherein the target subsystem is used for modifying the authority according to the request information.
2. The identity management method of claim 1, wherein the permission modification request includes identification information for characterizing a target subsystem, and forwarding request information generated by the second terminal based on the permission modification request to a third terminal comprises:
determining a target subsystem according to the identification information;
and sending the request information to a third terminal corresponding to the target subsystem.
3. The identity management method of claim 1, further comprising:
and when the approval result is that the approval is not passed, sending prompt information to the first terminal and the second terminal.
4. The identity management method of claim 1, further comprising:
forwarding the password modification request sent by the first terminal to the second terminal;
and sending the new password sent by the second terminal to a target subsystem, wherein the target subsystem is used for modifying the password of the employee into the new password.
5. The identity management method of claim 1, wherein before forwarding the permission modification request sent by the first terminal to the second terminal, the method further comprises:
acquiring an organization architecture of a personnel system and basic information of staff;
determining key users and approval users based on the organizational structure;
and acquiring the authority of the staff of each subsystem.
6. The identity management method of claim 5, wherein the permission modification request includes identity information of an employee, and the step of forwarding the permission modification request sent by the first terminal to the second terminal includes:
determining identity information of the employee;
and when the identity information of the employee is matched with the authority to be added in the authority modification request, forwarding the authority modification request to a second terminal.
7. The identity management method of claim 5, after obtaining basic information of the organization architecture and the staff of the personnel system, further comprising:
determining the entry date of the employee, wherein the basic information of the employee comprises the entry date;
acquiring an update record of the all-purpose card system;
and sending an updating instruction to the all-purpose card system according to the employee enrollment date and the updating record of the all-purpose card system, wherein the all-purpose card system is used for updating according to the updating instruction.
8. An identity management device, which is applied to an identity management system, comprises:
the system comprises a modification request forwarding module, a first terminal and a second terminal, wherein the modification request forwarding module is used for forwarding an authority modification request sent by the first terminal to the second terminal, the first terminal is used by an employee, and the second terminal is used by a key user;
the request information forwarding module is used for forwarding the request information generated by the second terminal based on the permission modification request to a third terminal, and the third terminal is a terminal used by an approval user;
and the request information sending module is used for sending the request information to a target subsystem when the approval result sent by the third terminal is determined to be approved, and the target subsystem is used for modifying the authority according to the request information.
9. A computer device, comprising:
one or more processors;
storage means for storing one or more programs;
when executed by the one or more processors, cause the one or more processors to implement the identity management method of any of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, is adapted to carry out the identity management method of any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010128324.9A CN111274561A (en) | 2020-02-28 | 2020-02-28 | Identity management method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010128324.9A CN111274561A (en) | 2020-02-28 | 2020-02-28 | Identity management method, device, equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111274561A true CN111274561A (en) | 2020-06-12 |
Family
ID=71000407
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010128324.9A Pending CN111274561A (en) | 2020-02-28 | 2020-02-28 | Identity management method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111274561A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111931955A (en) * | 2020-07-22 | 2020-11-13 | 北京字节跳动网络技术有限公司 | Information processing method and device and electronic equipment |
| CN112270529A (en) * | 2020-10-29 | 2021-01-26 | 北京字跳网络技术有限公司 | Method and device for examining and approving business form, electronic equipment and storage medium |
| CN112464201A (en) * | 2020-11-02 | 2021-03-09 | 中国建设银行股份有限公司 | Token automatic issuing system, method and storage medium |
| CN114596064A (en) * | 2022-03-03 | 2022-06-07 | 北京荣达天下信息科技有限公司 | Work order-based automatic management method and system for admission authority |
| CN115102765A (en) * | 2022-06-22 | 2022-09-23 | 北京声智科技有限公司 | Authority configuration method and device, electronic equipment and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102737304A (en) * | 2012-07-03 | 2012-10-17 | 成都科星电力电器有限公司 | Method and system for office automation |
| CN108629567A (en) * | 2018-05-09 | 2018-10-09 | 平安科技(深圳)有限公司 | Declaration information processing method, device, computer equipment and storage medium |
| WO2019019636A1 (en) * | 2017-07-25 | 2019-01-31 | 平安科技(深圳)有限公司 | User identification method, electronic device, and computer readable storage medium |
| CN109978504A (en) * | 2019-03-25 | 2019-07-05 | 金在(北京)金融信息服务有限公司 | Processing method, device, equipment and the storage medium of financial data |
-
2020
- 2020-02-28 CN CN202010128324.9A patent/CN111274561A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102737304A (en) * | 2012-07-03 | 2012-10-17 | 成都科星电力电器有限公司 | Method and system for office automation |
| WO2019019636A1 (en) * | 2017-07-25 | 2019-01-31 | 平安科技(深圳)有限公司 | User identification method, electronic device, and computer readable storage medium |
| CN108629567A (en) * | 2018-05-09 | 2018-10-09 | 平安科技(深圳)有限公司 | Declaration information processing method, device, computer equipment and storage medium |
| CN109978504A (en) * | 2019-03-25 | 2019-07-05 | 金在(北京)金融信息服务有限公司 | Processing method, device, equipment and the storage medium of financial data |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111931955A (en) * | 2020-07-22 | 2020-11-13 | 北京字节跳动网络技术有限公司 | Information processing method and device and electronic equipment |
| CN112270529A (en) * | 2020-10-29 | 2021-01-26 | 北京字跳网络技术有限公司 | Method and device for examining and approving business form, electronic equipment and storage medium |
| CN112270529B (en) * | 2020-10-29 | 2024-05-17 | 北京字跳网络技术有限公司 | Approval method and device for business form, electronic equipment and storage medium |
| CN112464201A (en) * | 2020-11-02 | 2021-03-09 | 中国建设银行股份有限公司 | Token automatic issuing system, method and storage medium |
| CN112464201B (en) * | 2020-11-02 | 2024-03-01 | 中国建设银行股份有限公司 | Automatic token issuing system, method and storage medium |
| CN114596064A (en) * | 2022-03-03 | 2022-06-07 | 北京荣达天下信息科技有限公司 | Work order-based automatic management method and system for admission authority |
| CN115102765A (en) * | 2022-06-22 | 2022-09-23 | 北京声智科技有限公司 | Authority configuration method and device, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111274561A (en) | Identity management method, device, equipment and storage medium | |
| US9418236B2 (en) | Method and system for dynamically and automatically managing resource access permissions | |
| US9842151B2 (en) | System and method for uploading and management of contract-research-organization data to a sponsor company's electronic laboratory notebook | |
| US20230325056A1 (en) | System and method for reacting to messages | |
| CN111556052A (en) | Authority management method, processing device and storage medium | |
| US20150341357A1 (en) | Method and system for access control management using reputation scores | |
| US8365261B2 (en) | Implementing organization-specific policy during establishment of an autonomous connection between computer resources | |
| CN106951773B (en) | User role distribution checking method and system | |
| CN110619206B (en) | Operation and maintenance risk control method, system, equipment and computer readable storage medium | |
| CN111046354A (en) | Access and client access management method, system and medium | |
| US11328254B2 (en) | Automatic group creation based on organization hierarchy | |
| WO2020215687A1 (en) | Method and apparatus for monitoring data transmission, and computer device and storage medium | |
| CN112202750A (en) | Control method for policy execution, policy execution system and computing device | |
| CN114356521A (en) | Task scheduling method and device, electronic equipment and storage medium | |
| CN112288400A (en) | Multi-system data interaction method and device, computer equipment and storage medium | |
| CN113836237A (en) | Method and device for auditing data operation of database | |
| WO2014100223A1 (en) | Quantifying risk based on relationships and applying protections based on business rules | |
| CN111858020A (en) | User resource limiting method, device and computer storage medium | |
| CN112583890B (en) | Message pushing method and device based on enterprise office system and computer equipment | |
| US11632375B2 (en) | Autonomous data source discovery | |
| US20120323937A1 (en) | Bulk create, update and delete (cud) database operations for table inheritance | |
| CN112347191A (en) | Method and device for sharing and exchanging data, computer equipment and storage medium | |
| CN110764882B (en) | Distributed management method, distributed management system and device | |
| JP5969668B1 (en) | License management system, terminal, license control server, and license management method | |
| CN111865938B (en) | Login method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |