CN111859442A - Authority configuration method, authority configuration system and computer readable storage medium - Google Patents

Publication number
CN111859442A
Authority
CN
China
Prior art keywords
user
information
authority
permission
approval
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010072053.XA
Other languages
Chinese (zh)
Inventor
高诗梦
黄宇鸿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Didi Infinity Technology and Development Co Ltd
Original Assignee
Beijing Didi Infinity Technology and Development Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Didi Infinity Technology and Development Co Ltd filed Critical Beijing Didi Infinity Technology and Development Co Ltd
Priority to CN202010072053.XA priority Critical patent/CN111859442A/en
Publication of CN111859442A publication Critical patent/CN111859442A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management
    • G06Q10/103 Workflow collaboration or project management

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • Strategic Management (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Entrepreneurship & Innovation (AREA)
  • General Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Databases & Information Systems (AREA)
  • Tourism & Hospitality (AREA)
  • Operations Research (AREA)
  • Marketing (AREA)
  • Economics (AREA)
  • Data Mining & Analysis (AREA)
  • Quality & Reliability (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a permission configuration method, a permission configuration system and a computer-readable storage medium. The permission configuration method comprises the following steps: acquiring access record data of a user side, and determining user characteristic data according to the access record data; and generating permission recommendation information according to the user characteristic data, and sending the permission recommendation information to the user side. The invention solves the problem in the related art of low permission application efficiency caused by users not knowing which specific permission to apply for in order to obtain the access they need. By reducing the complexity of selecting which permission to apply for, the invention improves application efficiency, makes the application process feel more intelligent to the user, meets the user's needs and further improves the user experience.

Description

Authority configuration method, authority configuration system and computer readable storage medium
Technical Field
The present invention relates to the technical field of permission configuration, and in particular, to a permission configuration method, a permission configuration system, and a computer-readable storage medium.
Background
A unified authority platform is an important security product. Its basic idea is to provide a single authority management platform that manages permissions across all of a company's business subsystems. It gives company employees permission application, approval and permission configuration functions for each business subsystem, enforces secure access control over the company's subsystems, and so helps avoid the risk of information leakage.
In existing unified authority platforms, application and approval are organized by subsystem: a user who wants to apply for a permission must first select the subsystem, then select the relevant role within that subsystem, and only then can complete the application and the subsequent approval. This increases the user's cognitive and selection load and makes applying for permissions very complex.
Disclosure of Invention
The present invention is directed to solving at least one of the problems of the prior art or the related art.
To this end, the first aspect of the present invention provides a rights configuration method.
A second aspect of the present invention provides a rights configuration method.
A third aspect of the present invention provides a rights configuration method.
A fourth aspect of the present invention provides a rights configuration system.
A fifth aspect of the invention provides a computer-readable storage medium.
In order to achieve the above object, according to a technical solution of a first aspect of the present invention, there is provided a permission configuration method, including: acquiring access record data of a user side, and determining user characteristic data according to the access record data; and generating permission recommendation information according to the user characteristic data, and sending the permission recommendation information to the user side.
In this technical solution, a user logs in through the user side and can then access the business subsystems of the server side. The server side records the access record data of the user side and determines user characteristic data from it; the user characteristic data reflects the permissions the user may need. A user characteristic analysis component calculates permission recommendation information in real time from these characteristics, and the permission recommendation information is sent to the user side for the user to select from. The permission recommendation information includes the recommended subsystem information and the individual permissions within each subsystem. Because the server-side system analyzes the user characteristic data and automatically pushes the permissions the user may need to apply for, the user chooses from a smaller set of permissions. This solves the problem in the related art of low application efficiency caused by users not knowing which specific permission to apply for in order to obtain the access they need. Reducing the complexity of selecting permissions improves application efficiency, makes the application process feel more intelligent, meets the user's needs and improves the user experience. It should be noted that the above permission configuration method is applicable to the server side.
It can be understood that a permission the user needs to apply for is a specific function in a specific subsystem. For example, the access permission and the read-write permission in subsystem A can be defined as two entirely separate permissions. The permission recommendation information sent to the user therefore includes not only the subsystems the user may access but also the specific permissions within each subsystem, so that the user can determine exactly which permission is needed.
In any of the above technical solutions, the user characteristic data includes one or a combination of the following: user information, and the identifiers of the systems the user accesses.
In this technical solution, when making a permission recommendation, the server-side system can generate the permission recommendation information from the user information and the identifiers of the systems the user accesses. In other words, the server-side system extracts the user information and the accessed system identifiers from the access record data of the user side. The server-side system may generate the permission recommendation information from the user information alone, from the accessed system identifiers alone, or from both together.
It can be understood that when the permission recommendation information is generated from both the user information and the identifiers of the systems the user accesses, the union of the recommendations generated from the user information and the recommendations generated from the accessed system identifiers can be used as the permission recommendation information. The resulting permission recommendation information is closer to what the user needs, so it is more accurate and simplified, and the user is not left unable to find the right permission among too many options. Alternatively, the intersection of the two sets of recommendations can be used as the permission recommendation information. The resulting permission recommendation information has wider coverage, which solves the problem of permissions being missed from the recommendation, so that the user can find the permission to apply for in it.
In any of the above technical solutions, where the user characteristic data is user information, the step of determining the user characteristic data according to the access record data specifically includes: determining login data of the user side according to the access record data, and determining the user information logged in at the user side according to the login data.
In this technical solution, when the user characteristic data is user information, the server-side system uses the access record data to determine the user's login data. The login data includes at least the user's basic information, which may include the user's name, age, position and similar details. From the login data, the server side can look up the user information that was recorded when the user registered the account.
In any of the above technical solutions, the step of generating the authority recommendation information according to the user feature data specifically includes: extracting label information in the user information; and searching authority data corresponding to the label information, and generating authority recommendation information according to the authority data corresponding to the label information.
In this technical solution, label information is extracted from the user information, the permission data held by users with that label information is looked up, and the permission recommendation information is generated from that permission data. In this way the permissions held by users with the same label information are recommended to the user side, which improves the accuracy of the permission recommendation information.
It is understood that the tag information includes, but is not limited to, job information in the user information. It should be noted that the label information is label information that can represent a user group with common authority requirements to some extent.
In any of the above technical solutions, where the user characteristic data is the identifiers of the systems the user accesses, the step of determining the user characteristic data according to the access record data specifically includes: determining an access log of the user side according to the access record data, and determining the system identifiers accessed by the user side according to the access log.
In this technical solution, the access log of the user side in the server-side system is queried and determined from the access record data. The access log shows which subsystems the user has accessed most recently and records the identifiers of those subsystems, which determines the system identifiers accessed by the user side. The user's access records directly reflect the subsystems the user wants to access, which ensures the accuracy of the generated permission recommendation information.
In any of the above technical solutions, the step of generating the authority recommendation information according to the user feature data specifically includes: extracting the system identification which fails in authentication from the system identification accessed by the user side; and generating authority recommendation information according to the authority data corresponding to the system identifier with the authentication failure.
In this technical solution, the system identifiers for which authentication failed are extracted from the system identifiers accessed by the user side. This yields the systems the user wants to access but has no permission for, and the operations the user needs but has no permission to perform, which further improves the accuracy of the generated permission recommendation information and ensures that the permissions the user selects from it better match the user's needs.
In any of the above technical solutions, the permission application information returned by the user side is received, and the permission application information is sent to the approval terminal for approval; and receiving the approval result information returned by the approval terminal, and authorizing the user side according to the approval result information.
In this technical solution, the server-side system sends the permission recommendation information to the user side. The user selects permissions from the permission recommendation information, and the user side generates permission application information from the selection and returns it to the server side. The server side sends the received permission application information to the approval terminal of each subsystem for approval. When approval is complete, the approval terminal generates an approval result and returns it to the server-side system, which authorizes the user side according to the approval result, completing the steps from permission selection to final authorization. The server-side system automatically classifies the permission application information the user submits and sends it to the corresponding subsystems, so the user does not need to enter the required permissions manually or send applications to the subsystems one by one, which improves application efficiency.
In any of the above technical solutions, the step of sending the permission application information to the permission approval system for approval specifically includes: analyzing the authority application information and determining a system identifier corresponding to the authority application information; and determining an approval terminal capable of processing the authority application information according to the system identification corresponding to the authority information, and sending the application information to the approval terminal.
In the technical scheme, the permission application information is analyzed to obtain the subsystems corresponding to the permissions in the permission application information and the specific permission level and other permission data, and the permission data is sent to the approval terminal of the corresponding subsystem, so that the permission application information is automatically classified, the situation that a user needs to analyze and judge the subsystem corresponding to the required application permission is avoided, and the application efficiency is improved.
According to a technical solution of a second aspect of the present invention, there is provided a permission configuration method, including: receiving authority recommendation information sent by a server; and responding to the permission application instruction, and returning permission application information with user information to the server so that the server sends the permission application information to the approval terminal for approval.
In the technical scheme, the permission configuration method is suitable for the user side. After receiving the authority recommendation information sent by the server, the user side selects and transmits the authority in the authority recommendation information back to the server according to an authority application instruction sent by the user, so that the server analyzes the authority application information and sends the authority application information to the approval terminal for approval.
In any of the above technical solutions, before the step of returning the permission application information to the server in response to the permission application instruction, the method further includes: analyzing the authority recommendation information, and determining a system identifier corresponding to the authority recommendation information; and classifying and displaying the authority recommendation information according to the system identification corresponding to the authority application information.
In the technical scheme, after the user side receives the authority recommendation information sent by the server side, the authority recommendation information is analyzed, the system identification corresponding to the authority recommendation information is determined, classification is carried out according to the system identification, and the authority recommendation information under the subsystem corresponding to the system identification is displayed.
It can be understood that one form of classification is display by subsystem: for example, the permission recommendation information for subsystem A (read permission and write permission) is displayed together, and the permission recommendation information for subsystem B is displayed together. Another form is display by permission type: for example, the read-type permission recommendation information in subsystem A and subsystem C is displayed together, and the modify-type permission recommendation information in subsystem B and subsystem D is displayed together. Displaying the permission recommendation information in classified form makes it easier for the user to review and select.
According to a technical solution of the third aspect of the present invention, there is provided a permission configuration method, including: receiving authority application information sent by a server side; and responding to the authority configuration instruction, and transmitting the examination and approval result information back to the server so that the server authorizes the user side according to the examination and approval result information.
In this technical solution, the permission configuration method is used by an approval terminal. The approval terminal receives the permission application information sent by the server side. It then receives a permission configuration instruction from an approver, approves the permission application information accordingly, and returns the approval result information to the server side, so that the server side grants or refuses authorization to the user side according to the approval result information. Specifically, when the approver issues a permission configuration instruction to authorize, approval information of the authorize type is sent to the server side; when the approver issues a permission configuration instruction to refuse authorization, approval information of the refuse type is sent to the server side.
In any of the above technical solutions, before the step of returning the approval result information to the server in response to the permission configuration instruction, the method further includes: extracting user information in the authority application information; and displaying the authority application information and the user information in a list form.
According to the technical scheme, after the permission application information sent by the server is received, the user information in the permission application information is extracted, the user information and the permission application information are displayed in a list form, and an approver can conveniently check the user information and the permission application information required to be approved by the user by clicking the user information in the list.
It can be understood that the approval terminal may receive permission application information from several different users at the same time, and displays it in a list classified by user information. Specifically, the row headers in the list are user α, user β, …; the column headers in the list are read permission, write permission, …. Displaying the permission application information in list form makes it easier for approvers to review and select.
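The application, routing and authorization flow described above (server side, user side and approval terminal), as an added Python example that is not code from the patent. The permission catalog, terminal names and record fields are constructed, and the checks that drop unknown permissions and ignore results from a terminal an item was not routed to are assumptions the patent does not describe.

```python
# Constructed sample data (not from the patent).
CATALOG = {"A": {"read", "write"}, "B": {"read"}}            # permissions each subsystem offers
APPROVAL_TERMINALS = {"A": "approver-a", "B": "approver-b"}  # system_id -> approval terminal

# Constructed permission application returned by the user side.
APPLICATION = {
    "user": "u1001",
    "permissions": [("A", "read"), ("A", "write"), ("B", "read"), ("Z", "admin")],
}

# Constructed approval results returned by the approval terminals.
RESULTS = [
    {"terminal": "approver-a", "user": "u1001", "system_id": "A",
     "permission": "read", "decision": "approve"},
    {"terminal": "approver-a", "user": "u1001", "system_id": "A",
     "permission": "write", "decision": "reject"},
    {"terminal": "approver-b", "user": "u1001", "system_id": "B",
     "permission": "read", "decision": "approve"},
    # A terminal deciding on a subsystem it is not responsible for.
    {"terminal": "approver-b", "user": "u1001", "system_id": "A",
     "permission": "write", "decision": "approve"},
]


def route_application(application):
    """Parse an application and group its items by the approval terminal
    responsible for each system identifier.

    Returns (routed, rejected). Items naming an unknown subsystem or a
    permission the subsystem does not offer are rejected before routing
    (assumption: the application is treated as untrusted input).
    """
    routed, rejected = {}, []
    for system_id, permission in application["permissions"]:
        terminal = APPROVAL_TERMINALS.get(system_id)
        if terminal is None or permission not in CATALOG.get(system_id, set()):
            rejected.append((system_id, permission))
            continue
        routed.setdefault(terminal, []).append((system_id, permission))
    return routed, rejected


def authorize(user, routed, results):
    """Return the set of (system_id, permission) pairs to grant to `user`.

    An item is granted only if it was routed to the terminal that returned
    the result, the result names the same user, and the decision is
    "approve". Anything else grants nothing.
    """
    granted = set()
    for res in results:
        item = (res["system_id"], res["permission"])
        if res.get("user") != user:
            continue
        if item not in routed.get(res["terminal"], []):
            continue  # never sent to this terminal: ignore the result
        if res["decision"] == "approve":
            granted.add(item)
    return granted


if __name__ == "__main__":
    routed, rejected = route_application(APPLICATION)
    print("routed:", routed)
    print("rejected:", rejected)
    print("granted:", sorted(authorize(APPLICATION["user"], routed, RESULTS)))
```
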
According to a technical solution of the fourth aspect of the present invention, there is provided a permission configuration system, including: a server side comprising a server-side memory, a server-side processor, and a computer program stored in the server-side memory and executable on the server-side processor;
the computer program, when executed by the server-side processor, implements the steps of the permission configuration method of any one of the above technical solutions; the permission configuration system therefore has all the beneficial effects of that permission configuration method, which are not repeated here;
a user side comprising a user-side memory, a user-side processor, and a computer program stored in the user-side memory and executable on the user-side processor;
the computer program, when executed by the user-side processor, implements the steps of the permission configuration method of the above technical solution; the permission configuration system therefore has all the beneficial effects of that permission configuration method, which are not repeated here;
an approval terminal comprising an approval terminal memory, an approval terminal processor, and a computer program stored in the approval terminal memory and executable on the approval terminal processor;
the computer program, when executed by the approval terminal processor, implements the steps of the permission configuration method of any one of the above technical solutions. The permission configuration system therefore has all the beneficial effects of that permission configuration method, which are not repeated here.
According to a technical solution of the fifth aspect of the present invention, there is provided a computer-readable storage medium, on which a control program is stored, where the control program, when executed by a processor, implements the steps of the authority configuration method according to any one of the above-mentioned aspects, or the steps of the authority configuration method according to any one of the above-mentioned aspects.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 shows a flow diagram of a privilege configuration method according to one embodiment of the invention;
FIG. 2 shows a flow diagram of a rights configuration method according to another embodiment of the invention;
FIG. 3 illustrates a flow diagram of a privilege configuration method according to yet another embodiment of the invention;
FIG. 4 shows a flow diagram of a privilege configuration method according to yet another embodiment of the invention;
FIG. 5 shows a flow diagram of a privilege configuration method according to yet another embodiment of the invention;
FIG. 6 shows a flow diagram of a privilege configuration method according to yet another embodiment of the invention;
FIG. 7 shows a flow diagram of a privilege configuration method according to yet another embodiment of the invention;
FIG. 8 illustrates a flow diagram of a privilege configuration method according to yet another embodiment of the invention;
FIG. 9 shows a flow diagram of a privilege configuration method according to yet another embodiment of the invention;
FIG. 10 illustrates a flow diagram of a privilege configuration method according to yet another embodiment of the invention;
FIG. 11 shows a flow diagram of a privilege configuration method according to yet another embodiment of the invention;
FIG. 12 is a flowchart illustrating a privilege configuration method according to an embodiment of the invention;
FIG. 13 is a flowchart illustrating a privilege configuration method according to another embodiment of the invention;
FIG. 14 is a schematic block diagram of a unified rights platform in accordance with another specific embodiment of the invention;
FIG. 15 shows a schematic block diagram of a rights configuration system according to one embodiment of the invention;
FIG. 16 shows a schematic block diagram of a server in a rights configuration system according to one embodiment of the invention;
FIG. 17 is a schematic block diagram of a user side in the rights configuration system according to an embodiment of the invention;
FIG. 18 shows a schematic block diagram of an approval terminal in the rights configuration system according to an embodiment of the present invention.
Detailed Description
In order that the above objects, features and advantages of the present invention can be more clearly understood, a more particular description of the invention will be rendered by reference to the appended drawings. It should be noted that the embodiments and features of the embodiments of the present application may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those specifically described herein, and therefore the scope of the present invention is not limited by the specific embodiments disclosed below.
A rights configuration method, a rights configuration system, and a computer-readable storage medium according to an embodiment of the present invention are described below with reference to FIGS. 1 to 18.
Embodiment one:
As shown in FIG. 1, in an embodiment of the present invention, a permission configuration method is provided, including:
Step S102: obtaining access record data of a user side, and determining user characteristic data according to the access record data;
Step S104: generating permission recommendation information according to the user characteristic data, and sending the permission recommendation information to the user side.
In this embodiment, a user logs in through the user side and can then access the business subsystems of the server side. The server side records the access record data of the user side and determines user characteristic data from it; the user characteristic data reflects the permissions the user may need. A user characteristic analysis component calculates permission recommendation information in real time from these characteristics, and the permission recommendation information is sent to the user side for the user to select from. The permission recommendation information includes the recommended subsystem information and the individual permissions within each subsystem. Because the server-side system analyzes the user characteristic data and automatically pushes the permissions the user may need to apply for, the user chooses from a smaller set of permissions. This avoids the problem in the related art of low application efficiency caused by users not knowing which specific permission to apply for in order to obtain the access they need: reducing the complexity of selecting permissions improves application efficiency, makes the application process feel more intelligent, meets the user's needs and improves the user experience. It should be noted that the above permission configuration method is applicable to the server side.
It can be understood that a permission the user needs to apply for is a specific function in a specific subsystem. For example, the access permission and the read-write permission in subsystem A can be defined as two entirely separate permissions. The permission recommendation information sent to the user therefore includes not only the subsystems the user may access but also the specific permissions within each subsystem, so that the user can determine exactly which permission is needed.
In the above embodiments, the user characteristic data comprises one or a combination of: user information, system identification the user accesses.
In this embodiment, when performing permission recommendation, the service end system may generate permission recommendation information according to the user information and the system identifier accessed by the user. In other words, the server-side system extracts the user information and the system identifier accessed by the user from the access log data of the user terminal. The server-side system may generate the permission recommendation information only according to the user information or the system identifier accessed by the user, or may generate the permission recommendation information together according to the user information and the system identifier accessed by the user.
It can be understood that when the permission recommendation information is generated according to the user information and the system identification information accessed by the user, a union of the recommendation information generated according to the user information and the recommendation information generated according to the system identification information accessed by the user can be used as the permission recommendation information, and the acquired permission recommendation information can be closer to the permission recommendation information required by the user, so that the permission recommendation information is more accurate and simplified, and the situation that the user cannot find a proper permission required to apply in too many selectable items is avoided. The intersection of the recommendation information generated according to the user information and the recommendation information generated according to the system identification information accessed by the user can be used as the authority recommendation information, the coverage of the obtained authority recommendation information is wider, the problem that the authority recommendation information has missed authority is solved, and the user can be ensured to find the authority to be applied from the authority recommendation information.
Example two:
as shown in fig. 2, in another embodiment of the present invention, a method for configuring a right is provided, which includes:
step S202, obtaining access record data of a user side, and determining user characteristic data according to the access record data;
step S204, generating authority recommendation information according to the user characteristic data, and sending the authority recommendation information to a user side;
step S206, receiving the permission application information returned by the user side, and sending the permission application information to the approval terminal for approval;
and S208, receiving the approval result information returned by the approval terminal, and authorizing the user side according to the approval result information.
Wherein the user characteristic data comprises one or a combination of the following: user information, and the system identifier accessed by the user.
In this embodiment, the server-side system sends the permission recommendation information to the user side. The user selects permissions from the permission recommendation information, and the user side generates permission application information from the selection and transmits it back to the server side. The server side sends the received permission application information to the approval terminals of the subsystems for approval; after approval, each approval terminal generates an approval result and returns it to the server-side system, which authorizes the user side according to the approval result. This completes the steps from the user's selection of permissions to the final authorization. The server-side system automatically classifies the permission application information selected by the user and sends it to the corresponding subsystems, so the user does not need to type in the required permissions or send permission applications to the subsystems one by one, which improves the efficiency of permission application.
As shown in fig. 3, in any of the above embodiments, the step of sending the permission application information to the permission approval system for approval specifically includes:
step S302, the authority application information is analyzed, and a system identification corresponding to the authority application information is determined;
and step S304, determining an approval terminal capable of processing the authority application information according to the system identification corresponding to the authority information, and sending the application information to the approval terminal.
In the technical scheme, the permission application information is analyzed to obtain the subsystems corresponding to the permissions in the permission application information and the specific permission level and other permission data, and the permission data is sent to the approval terminal of the corresponding subsystem, so that the permission application information is automatically classified, the situation that a user needs to analyze and judge the subsystem corresponding to the required application permission is avoided, and the application efficiency is improved.
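The routing of steps S302 and S304 and the authorization of step S208, as an added Python example that is not part of the patent. The terminal registry, field names and sample records are constructed, and two behaviours are assumptions of this example rather than statements of the description: an item whose subsystem has no registered approval terminal is held back, and a result is accepted only from the terminal the item was routed to.

```python
from collections import defaultdict

# Constructed registry (hypothetical names): subsystem ID -> approval terminal.
APPROVAL_TERMINALS = {
    "sys-report": "terminal-report",
    "sys-billing": "terminal-billing",
}

# Constructed permission application returned by the user side (step S206).
APPLICATION = {
    "user": "alice",
    "items": [
        {"system_id": "sys-report", "role": "report-reader"},
        {"system_id": "sys-billing", "role": "invoice-reader"},
        {"system_id": "sys-legacy", "role": "viewer"},  # no terminal registered
    ],
}

# Constructed approval results returned to the server (step S208).
RESULTS = [
    {"terminal": "terminal-report", "user": "alice",
     "system_id": "sys-report", "role": "report-reader", "decision": "approve"},
    # Approval for a billing role sent by the report terminal: wrong terminal.
    {"terminal": "terminal-report", "user": "alice",
     "system_id": "sys-billing", "role": "invoice-reader", "decision": "approve"},
    # Approval for a role that was never applied for.
    {"terminal": "terminal-report", "user": "alice",
     "system_id": "sys-report", "role": "report-admin", "decision": "approve"},
]


def route_application(application, terminals=APPROVAL_TERMINALS):
    """Steps S302/S304: read the system ID of every requested item and
    group the items by the approval terminal that handles that subsystem."""
    tasks = defaultdict(list)
    unroutable = []
    for item in application["items"]:
        request = {"user": application["user"], **item}
        terminal = terminals.get(item["system_id"])
        if terminal is None:
            unroutable.append(request)  # assumption: held back, never granted
        else:
            tasks[terminal].append(request)
    return dict(tasks), unroutable


def apply_results(tasks, results):
    """Step S208: authorize according to the approval results.
    Returns (granted, refused, pending) sets of (user, system_id, role)."""
    open_items = {
        (terminal, r["user"], r["system_id"], r["role"])
        for terminal, requests in tasks.items()
        for r in requests
    }
    granted, refused = set(), set()
    for res in results:
        key = (res["terminal"], res["user"], res["system_id"], res["role"])
        if key not in open_items:
            continue  # assumption: ignore results for items not routed to this terminal
        open_items.discard(key)
        (granted if res["decision"] == "approve" else refused).add(key[1:])
    pending = {key[1:] for key in open_items}  # no decision yet, so not granted
    return granted, refused, pending


if __name__ == "__main__":
    tasks, unroutable = route_application(APPLICATION)
    print(tasks)
    print(unroutable)
    print(apply_results(tasks, RESULTS))
```

With the constructed data, only the report role is granted; the billing role stays pending because its only "approval" came from a terminal it was not routed to.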
Example three:
as shown in fig. 4, in any of the above embodiments, the step of determining the user characteristic data according to the access record data, where the user characteristic data is user information, specifically includes:
step S402, determining login data of a user side according to the access record data;
step S404, determining the user information logged in by the user terminal according to the login data.
In this embodiment, when the user characteristic data is user information, the server-side system obtains the access record data to determine login data of the user, where the login data includes at least basic information of the user, which may include information of name, age, position, and the like of the user.
It can be understood that when the user registers the login account, the basic information needs to be stored in the server in the form of login data, so that the server can search the user information of the user when the user registers the account according to the login data.
As shown in fig. 5, in the above embodiment, the step of generating the right recommendation information according to the user feature data specifically includes:
step S502, extracting label information in the user information;
step S504, authority data corresponding to the label information is searched, and authority recommendation information is generated according to the authority data corresponding to the label information.
In this embodiment, the corresponding tag information is extracted from the user information, the permission data held by users with that tag information is looked up, and permission recommendation information is generated from that permission data. In this way, the permissions held by users with the same tag information are recommended to the user side, which improves the accuracy of the permission recommendation information.
It is understood that the tag information includes, but is not limited to, job information in the user information. It should be noted that the label information is label information that can represent a user group with common authority requirements to some extent.
Example four:
as shown in fig. 6, in any of the above embodiments, the step of determining the user characteristic data according to the access record data, where the user characteristic data is a system identifier accessed by the user, specifically includes:
step S602, determining an access log of a user side according to the access record data;
step S604, determining the system identifier accessed by the user side according to the access log.
In this embodiment, the access log of the user side in the server-side system is determined by querying the access record data. The access log shows the subsystems the user has recently accessed, and the identifiers of those subsystems are recorded, which determines the system identifiers accessed by the user side. The user's access records directly reflect the subsystems the user wants to access, which ensures the accuracy of the generated permission recommendation information.
As shown in fig. 7, in the above embodiment, the step of generating the right recommendation information according to the user feature data specifically includes:
Step S702, extracting the system identification which fails authentication from the system identification accessed by the user terminal;
step S704, generating authority recommendation information according to the authority data corresponding to the system identification with failed authentication.
In this embodiment, the system identifiers that failed authentication are extracted from the system identifiers accessed by the user side. This yields the systems the user side wanted to access but had no permission to access, and the operations the user needs to perform but has no permission to perform. This further improves the accuracy of the permission recommendation information and ensures that the permissions the user selects from it better match the user's needs.
Example five:
as shown in fig. 8, in a further embodiment of the present invention, a method for configuring a right is provided, which includes:
step S802, receiving authority recommendation information sent by a server;
step S804, responding to the authority application instruction, and transmitting the authority application information with the user information back to the server.
In this embodiment, the above permission configuration method is applicable to a user side. After receiving the permission recommendation information sent by the server, the user side, in response to a permission application instruction issued by the user, selects permissions from the permission recommendation information and transmits them back to the server, so that the server parses the permission application information and sends it to the approval terminal for approval.
As shown in fig. 9, in the above embodiment, before the step of returning the permission application information to the server in response to the permission application instruction, the method further includes:
step S902, analyzing the authority recommendation information, and determining a system identifier corresponding to the authority recommendation information;
and step S904, displaying the authority recommendation information in a classified manner according to the system identification corresponding to the authority application information.
In the embodiment, after the user side receives the authority recommendation information sent by the server side, the authority recommendation information is analyzed, the system identifier corresponding to the authority recommendation information is determined, classification is performed according to the system identifier, and the authority recommendation information under the subsystem corresponding to the system identifier is displayed.
It can be understood that one specific form of classification is display by subsystem: for example, the permission recommendation information for subsystem A (read permission and write permission) is displayed together, and the permission recommendation information for subsystem B is displayed together. Another is display by permission type: for example, the permission recommendation information of the read type in subsystems A and C is displayed together, and the permission recommendation information of the modify type in subsystems B and D is displayed together. Displaying the permission recommendation information in classified form makes it easy for the user to view and select.
Example six:
as shown in fig. 10, in a further embodiment of the present invention, a method for configuring a right is provided, which includes:
step S1002, receiving authority application information sent by a server;
step S1004, responding to the authority configuration instruction, and transmitting the approval result information back to the server.
In this embodiment, the permission configuration method is used for an approval terminal. The approval terminal receives the permission application information sent by the server, receives a permission configuration instruction issued by an approver, approves the permission application information accordingly, and returns the approval result information to the server, so that the server authorizes or refuses to authorize the user side according to the approval result information. Specifically, when the approver issues a permission configuration instruction to authorize, approval information of the authorization type is sent to the server; when the approver issues a permission configuration instruction to refuse authorization, approval information of the refusal type is sent to the server.
As shown in fig. 11, in the above embodiment, before the step of transmitting the approval result information back to the server in response to the permission configuration instruction, the method further includes:
step S1102, extracting user information in the authority application information;
Step S1104, displaying the authority application information and the user information in a list form.
In this embodiment, after the permission application information sent by the server is received, the user information in it is extracted, and the user information and the permission application information are displayed in a list, so that an approver can click the user information in the list to view the user information and the permission application information awaiting approval for that user.
It can be understood that the approval terminal may receive permission application information from several different users at the same time and display it in a list classified by user information. Specifically, the row titles in the list are user α, user β, ……; the column titles are read permission, write permission, ……. Displaying the permission application information as a list makes it easy for the approver to view and select.
Example seven:
as shown in fig. 12, in a complete embodiment of the present invention, a method for configuring a right is provided, which includes:
step S1202, obtaining access record data of a user side;
step S1204, determining login data of the user side according to the access record data;
Step S1206, determining user information logged in by the user side according to the login data;
step S1208, extracting the label information in the user information;
step S1210, searching authority data corresponding to the label information;
step S1212, determining an access log of the user terminal according to the access record data;
step S1214, determining the system identifier accessed by the user terminal according to the access log;
step S1216, extracting the system identifier that fails authentication from the system identifiers accessed by the user side;
step S1218, generating permission recommendation information according to the system identifier failing to authenticate and the permission data corresponding to the tag information;
step S1220, sending the permission recommendation information to the user side;
step S1222, receiving the permission application information returned by the user side, and sending the permission application information to the approval terminal for approval;
step S1224, receiving the approval result information returned by the approval terminal, and authorizing the user terminal according to the approval result information.
In this embodiment, after logging in, a user accesses the service subsystems of the server. The server records the access record data of the user side and determines user characteristic data from it; the user characteristic data reflects the permissions the user may need. A user characteristic analysis component calculates permission recommendation information in real time from these characteristics, and the permission recommendation information is sent to the user side for the user to select from. The permission recommendation information comprises the recommended subsystem information and the individual permissions within that subsystem. Because the server-side system analyzes the user characteristic data and automatically pushes the permissions the user may need to apply for, the user selects from fewer permissions. This avoids the inefficiency in the related art, where the user does not know which specific permission to apply for in order to obtain the required access: the complexity of selecting a permission to apply for is reduced, the efficiency of permission application is improved, the permission application feels more intelligent to the user, the user's requirements are met, and the user experience is improved. It should be noted that the above permission configuration method is applicable to the server.
When performing permission recommendation, the server-side system may generate permission recommendation information according to the user information and the system identifier accessed by the user. In other words, the server-side system extracts the user information and the system identifier accessed by the user from the access log data of the user terminal. The server-side system may generate the permission recommendation information from the user information alone, from the system identifier accessed by the user alone, or from both together.
It can be understood that, when the permission recommendation information is generated from both the user information and the system identifier accessed by the user, the union of the recommendation information generated from the user information and the recommendation information generated from the system identifier can be used as the permission recommendation information. The permission recommendation information obtained this way is closer to what the user needs, so it is more accurate and simplified, and the user is not left unable to find the right permission among too many options. Alternatively, the intersection of the two can be used as the permission recommendation information. The permission recommendation information obtained this way has wider coverage, which solves the problem of missed permissions, and the user can find the permission to apply for in the permission recommendation information.
Example eight:
as shown in fig. 13, a complete embodiment of the present invention provides a method for configuring a right, including:
step S1302, a user logs in;
step S1304, triggering user characteristic analysis;
step S1306, calculating in real time to obtain user posts, positions and access records;
step S1308, generating the systems that the user may access;
step S1310, generating the permissions that the user may apply for;
step S1312, recommending an interface of selectable systems;
step S1314, the user selects a system;
step S1316, recommending an interface of selectable roles;
step S1318, the user selects a role;
in step S1320, the user submits an application.
In this embodiment, after a user logs in, the user characteristics are analyzed, the post and position information of the user is determined, and the corresponding access records are obtained. The systems the user may access and the permissions the user may apply for are generated, and an interface of selectable subsystems is recommended to the user. After the user selects a system, an interface of selectable roles is recommended; the user selects a role and submits the permission application to the system.
The terms used here are to be understood as follows. Subsystem: an enterprise has a large number of internal information systems for its personnel to access and operate, defined herein as subsystems. A permission point is a resource entity of a subsystem; for example, a network link "/user/getreport/xxx" for accessing the subsystem, or a data report of the subsystem, can be called a permission point. The user is the entity that accesses the permission point, i.e. the aforementioned internal employee. A permission is the operation permission for a user to access a permission point. A role is bound to several permission points and is a set of a certain number of permissions. A role is the unit and carrier of permission assignment; its purpose is to decouple the logical relationship between users and permission points. The relationship between users, roles and permission points is that a user can have several roles, and each role corresponds to several permission points. After the user applies for certain roles, the user obtains the permissions of all permission points corresponding to those roles. Subsystem administrator: each subsystem may have several administrators, who can be set by the administrator of the subsystem on the unified rights platform. The subsystem administrator can set several roles of the subsystem for users to apply for, and set the approvers corresponding to those roles. In effect, the subsystem administrator is responsible for the mechanism by which users apply for permissions and have them approved.
As shown in fig. 14, in the above embodiment, the present invention further provides a unified rights platform 1400, including: subsystem component 1402, permission point component 1404, user component 1406, role component 1408, user behavior log component 1410, permission recommendation component 1412, user feature extraction component 1414, permission application component 1416, approval flow component 1420, and permission approval component 1418.
The authority configuration method is used for the unified authority platform 1400.
In this embodiment, the subsystem component 1402 provides the functions of registering, modifying, deleting and querying the company's internal subsystems in the unified rights system; the role component 1408 follows the RBAC model for rights management, so what the user actually applies for is a role, and it provides the functions of creating, modifying, deleting and querying the roles of each subsystem in the unified rights system; the permission point component 1404 provides the functions of creating, modifying, deleting and querying the permission points of each subsystem in the unified rights system; the user component 1406 provides the functions of creating, modifying, deleting and querying company employees in the unified rights system; the user behavior log component 1410 logs every access behavior of the user in the unified rights system, since access to each service subsystem interacts with the unified rights system, and by cleaning the logs the user's real-time system access track can be obtained. The user feature extraction component 1414 calculates user features from the user information and from the user access behaviors in the user behavior log component 1410; the features are the user's real-time access records and the user's post. Recommended-system data is generated from the user features: specifically, from the user's subsystem accesses in the latest 5 min, the IDs of the systems where authentication failed are recorded, and those systems are recommended as the systems to apply for, because the user will apply for permission on a system where authentication failed. The recommended system IDs are written to the database for storage.
Recommended-permission data is also generated from the user features: the permissions for which the user failed authentication in the recommended subsystems and the permissions held by colleagues with the same post are written to the database for storage. The permission recommendation component 1412 reads the recommended-system data and the recommended-permission data stored in the database according to the user information and presents the relevant recommendations to the user through an interface; the permission application component 1416 provides, within the unified rights system, a permission application function per subsystem; the permission approval component 1418 provides, within the unified rights system, a permission approval function per subsystem; the approval flow component 1420 provides, within the unified rights system, configuration of permission approvers per subsystem.
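An added Python example (not code from the patent) of the recommendation data described above: the subsystems where authentication failed in the latest 5 minutes, the roles held by colleagues with the same post, and the union or intersection of the two as the recommendation. All users, posts, roles, subsystem IDs and log records are constructed, and mapping a denied permission point to the roles that bind it is an assumption of this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # the "latest 5 min" look-back in the description

# --- Constructed sample data; every name and value below is hypothetical ---
USERS = {"alice": "analyst", "bob": "analyst", "carol": "analyst", "dave": "engineer"}
# (subsystem ID, role) -> permission points bound to that role
ROLES = {
    ("sys-report", "report-reader"): {"/user/getreport/daily"},
    ("sys-report", "report-admin"): {"/user/getreport/daily", "/user/editreport/daily"},
    ("sys-billing", "invoice-reader"): {"/invoice/list"},
    ("sys-deploy", "deployer"): {"/deploy/run"},
}
GRANTS = {  # roles each user already holds
    "alice": set(),
    "bob": {("sys-report", "report-reader"), ("sys-billing", "invoice-reader")},
    "carol": {("sys-report", "report-reader")},
    "dave": {("sys-deploy", "deployer")},
}
T0 = datetime(2020, 1, 21, 10, 0, 0)
ACCESS_LOG = [  # (timestamp, user, subsystem ID, permission point, authenticated?)
    (T0 - timedelta(minutes=9), "alice", "sys-deploy", "/deploy/run", False),  # too old
    (T0 - timedelta(minutes=3), "alice", "sys-report", "/user/getreport/daily", False),
    (T0 - timedelta(minutes=2), "alice", "sys-wiki", "/page/view", True),
    (T0 - timedelta(minutes=1), "dave", "sys-billing", "/invoice/list", False),
]


def failed_access(log, user, now):
    """(subsystem ID, permission point) pairs the user was denied within WINDOW."""
    return {
        (sid, point)
        for ts, who, sid, point, ok in log
        if who == user and not ok and timedelta(0) <= now - ts <= WINDOW
    }


def roles_from_failures(log, user, now):
    """Roles of a failed subsystem that bind a permission point the user was denied."""
    denied = failed_access(log, user, now)
    return {
        (sid, role)
        for (sid, role), points in ROLES.items()
        if any((sid, point) in denied for point in points)
    }


def roles_from_peers(user):
    """Roles held by other users who carry the same post tag."""
    found = set()
    for other, post in USERS.items():
        if other != user and post == USERS[user]:
            found |= GRANTS.get(other, set())
    return found


def recommend(log, user, now, combine="union"):
    """Permission recommendation grouped by subsystem ID: {system_id: [roles]}."""
    by_log = roles_from_failures(log, user, now)
    by_tag = roles_from_peers(user)
    merged = by_log | by_tag if combine == "union" else by_log & by_tag
    merged -= GRANTS.get(user, set())  # do not recommend roles already held
    grouped = defaultdict(list)
    for sid, role in sorted(merged):
        grouped[sid].append(role)
    return dict(grouped)


if __name__ == "__main__":
    print(recommend(ACCESS_LOG, "alice", T0))
    print(recommend(ACCESS_LOG, "alice", T0, combine="intersection"))
```

The output is only a recommendation: nothing is granted until the application has passed the approval terminal.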
Example nine:
in yet another embodiment of the present invention, as shown in FIG. 15, a rights configuration system 1500 is provided. The system comprises: a server 1520, a user side 1540 and an approval terminal 1560.
As shown in fig. 16, the server 1520 includes a server memory 1522, a server processor 1524 and a computer program stored in the server memory 1522 and capable of running on the server processor 1524.
The computer program is executed by the server-side processor 1524 to implement the steps of the permission configuration method according to any one of the above technical solutions; the permission configuration system has all the beneficial effects of the permission configuration method of any one of the technical schemes, and details are not repeated herein.
As shown in fig. 17, the user terminal 1540 includes a user terminal memory 1542, a user terminal processor 1544, and a computer program stored in the user terminal memory 1542 and operable on the user terminal processor 1544.
The computer program is executed by the user-side processor 1544 to implement the steps of the method for configuring rights according to the above-mentioned technical solution; the permission configuration system has all the beneficial effects of the permission configuration method of any one of the technical schemes, and details are not repeated herein.
As shown in fig. 18, the approval terminal 1560 includes an approval terminal memory 1562, an approval terminal processor 1564, and a computer program stored on the approval terminal memory 1562 and executable on the approval terminal processor 1564.
The computer program is executed by the approval terminal processor 1564 to implement the steps of the permission configuration method in any one of the above technical schemes. The permission configuration system has all the beneficial effects of the permission configuration method of any one of the technical schemes, and details are not repeated herein.
Example ten:
in yet another embodiment of the present invention, a computer-readable storage medium is provided, on which a control program is stored, and the control program, when executed by a processor, implements the steps of the authority configuration method in any of the above embodiments, or the steps of the authority configuration method in any of the above embodiments. The computer-readable storage medium has all the advantages of the permission configuration method in any of the embodiments, and details are not repeated herein.
In the present invention, the terms "first", "second", and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance; the term "plurality" means two or more unless expressly limited otherwise. The terms "mounted," "connected," "fixed," and the like are to be construed broadly, and for example, "connected" may be a fixed connection, a removable connection, or an integral connection; "coupled" may be direct or indirect through an intermediary. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
In the description of the present invention, it is to be understood that the terms "upper", "lower", "left", "right", "front", "rear", and the like indicate orientations or positional relationships based on those shown in the drawings, and are only for convenience of description and simplification of description, but do not indicate or imply that the referred device or unit must have a specific direction, be constructed in a specific orientation, and be operated, and thus, should not be construed as limiting the present invention.
In the description herein, the description of the terms "one embodiment," "a specific embodiment," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The above is only a preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes will occur to those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (14)

1. A method for configuring permissions, comprising:
acquiring access record data of a user side, and determining user characteristic data according to the access record data;
and generating permission recommendation information according to the user characteristic data, and sending the permission recommendation information to the user side.
2. The permission configuration method according to claim 1, wherein the user characteristic data comprises one or a combination of the following:
user information, and a system identifier accessed by the user.
3. The permission configuration method according to claim 2, wherein the user characteristic data is user information, and the step of determining the user characteristic data according to the access record data specifically includes:
and determining login data of the user side according to the access record data, and determining user information logged in by the user side according to the login data.
4. The permission configuration method according to claim 3, wherein the step of generating permission recommendation information according to the user characteristic data specifically includes:
extracting label information from the user information;
and searching for permission data corresponding to the label information, and generating the permission recommendation information according to the permission data corresponding to the label information.
5. The permission configuration method according to claim 2, wherein the user characteristic data is a system identifier accessed by a user, and the step of determining the user characteristic data according to the access record data specifically includes:
and determining an access log of the user side according to the access record data, and determining a system identifier accessed by the user side according to the access log.
6. The permission configuration method according to claim 5, wherein the step of generating permission recommendation information according to the user characteristic data specifically includes:
extracting, from the system identifiers accessed by the user side, the system identifier for which authentication failed;
and generating the permission recommendation information according to the permission data corresponding to the system identifier for which authentication failed.
7. The permission configuration method according to any one of claims 1 to 6, further comprising:
receiving the permission application information returned by the user side, and sending the permission application information to an approval terminal for approval;
and receiving the approval result information returned by the approval terminal, and authorizing the user side according to the approval result information.
8. The permission configuration method according to claim 7, wherein the step of sending the permission application information to a permission approval system for approval specifically includes:
analyzing the permission application information and determining a system identifier corresponding to the permission application information;
and determining the approval terminal capable of processing the permission application information according to the system identifier corresponding to the permission information, and sending the application information to the approval terminal.
9. A method for configuring permissions, comprising:
receiving permission recommendation information sent by a server;
and, in response to a permission application instruction, returning permission application information carrying user information to the server, so that the server sends the permission application information to the approval terminal for approval.
10. The permission configuration method according to claim 9, wherein before the step of returning the permission application information to the server in response to the permission application instruction, the method further comprises:
analyzing the permission recommendation information, and determining a system identifier corresponding to the permission recommendation information;
and displaying the permission recommendation information in a classified manner according to the system identifier corresponding to the permission application information.
11. A method for configuring permissions, comprising:
receiving permission application information sent by a server;
and, in response to a permission configuration instruction, returning approval result information to the server, so that the server authorizes the user side according to the approval result information.
12. The permission configuration method according to claim 11, wherein before the step of returning the approval result information to the server in response to the permission configuration instruction, the method further comprises:
extracting user information from the permission application information;
and displaying the permission application information and the user information in a list form.
13. A permission configuration system, comprising:
a server, wherein the server comprises a server memory, a server processor and a computer program which is stored on the server memory and can run on the server processor;
the computer program is executed by the server processor to implement the steps of the permission configuration method according to any one of claims 1 to 8;
a user side, wherein the user side comprises a user side memory, a user side processor and a computer program which is stored on the user side memory and can run on the user side processor;
the computer program is executed by the user side processor to implement the steps of the permission configuration method according to claim 9 or 10;
an approval terminal, wherein the approval terminal comprises an approval terminal memory, an approval terminal processor and a computer program which is stored in the approval terminal memory and can run on the approval terminal processor;
the computer program is executed by the approval terminal processor to implement the steps of the permission configuration method according to claim 11 or 12.
14. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a permission recommendation program which, when executed by a processor, implements the steps of the permission configuration method according to any one of claims 1 to 8; or
the steps of the permission configuration method according to claim 9 or 10; or
the steps of the permission configuration method according to claim 11 or 12.
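
The server-side flow of claims 5 to 8, as an added sketch that is not code from the patent: failed-authentication system identifiers become recommendations, an application is routed to an approver by system identifier, and nothing is granted without a matching approval. The record fields, permission names, approver names and function names are assumptions made for this example.

```python
# Constructed sample data (not from the patent): access records, a permission
# catalogue keyed by system identifier, and an approver per system.
ACCESS_RECORDS = [
    {"user": "alice", "system_id": "billing", "auth_ok": False},
    {"user": "alice", "system_id": "billing", "auth_ok": False},
    {"user": "alice", "system_id": "wiki", "auth_ok": True},
    {"user": "alice", "system_id": "hr", "auth_ok": False},
    {"user": "bob", "system_id": "hr", "auth_ok": True},
]
PERMISSIONS = {"billing": ["billing:read"], "hr": ["hr:view-roster"],
               "wiki": ["wiki:edit"]}
APPROVERS = {"billing": "approver-finance", "hr": "approver-hr"}


def recommend(records, user):
    """Claims 5-6: system identifiers where this user's authentication
    failed, mapped to the permission data for those systems."""
    failed = []
    for rec in records:
        sid = rec["system_id"]
        if rec["user"] == user and not rec["auth_ok"] and sid not in failed:
            failed.append(sid)
    return [{"system_id": s, "permission": p}
            for s in failed for p in PERMISSIONS.get(s, [])]


def route(application):
    """Claim 8: choose the approval terminal from the system identifier.
    Fails closed when no approver is registered for that system."""
    approver = APPROVERS.get(application["system_id"])
    if approver is None:
        raise LookupError("no approver for " + application["system_id"])
    return approver


def authorize(grants, application, approval):
    """Claim 7: grant only on an explicit approval that comes from the routed
    approver and names the same user and permission as the application."""
    ok = (approval.get("approved") is True
          and approval.get("approver") == route(application)
          and approval.get("user") == application["user"]
          and approval.get("permission") == application["permission"])
    if ok:
        grants.setdefault(application["user"], set()).add(
            application["permission"])
    return ok
```

The recommendation step only proposes permissions; the grant table changes solely inside `authorize`, so a recommendation that is never approved leaves the user's access unchanged.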

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010072053.XA CN111859442A (en) 2020-01-21 2020-01-21 Authority configuration method, authority configuration system and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN111859442A true CN111859442A (en) 2020-10-30

Family

ID=72984866

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010072053.XA Pending CN111859442A (en) 2020-01-21 2020-01-21 Authority configuration method, authority configuration system and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN111859442A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113407530A (en) * 2020-11-20 2021-09-17 广东美云智数科技有限公司 Permission data recovery method, management device and storage medium
CN115577381A (en) * 2022-12-09 2023-01-06 云粒智慧科技有限公司 Line-level data access method and device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination