CN112328985A - Authority management method, device, equipment and storage medium - Google Patents


Info

Publication number
CN112328985A
Authority
CN
China
Prior art keywords
login
user information
authority
authorized user
application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011345652.0A
Other languages
Chinese (zh)
Inventor
郭栋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN202011345652.0A
Publication of CN112328985A
Legal status: Pending

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application discloses a method, a device, equipment and a storage medium for authority management, relates to the technical field of internet, and can be applied to a cloud platform or a data center. The specific implementation scheme comprises the following steps: receiving a login request, wherein the login request comprises login user information of a user to be logged in; calling an authority information table, wherein the authority information table comprises a plurality of pieces of preset authorized user information, and the preset authorized user information is updated according to a preset time period; determining first target authorized user information corresponding to the current time from a plurality of preset authorized user information according to the authority information table; and determining the login authority of the user to be logged in according to the first target authorized user information and the login user information. The technical scheme of the embodiment of the application can be used for a cloud computing platform, misoperation caused by direct login of a user on a machine is reduced, and service stability is improved.

Description

Authority management method, device, equipment and storage medium
Technical Field
The present application relates to the field of internet technologies, and in particular, to a method, an apparatus, a device, and a storage medium for rights management.
Background
A cloud platform or data center of an internet company has a large number of online servers (machines), such as Linux servers, which are mainly used to deploy services and store data and which provide backend support for applications. If an administrator directly adds permanent login authority on the node where a machine is mounted, or a user logs in to the machine directly, misoperation may result.
Disclosure of Invention
The application provides a method, a device, equipment and a storage medium for managing authority.
According to a first aspect of the present application, there is provided a rights management method, comprising:
receiving a login request, wherein the login request comprises login user information of a user to be logged in;
calling an authority information table, wherein the authority information table comprises a plurality of pieces of preset authorized user information, and the preset authorized user information is updated according to a preset time period;
determining first target authorized user information corresponding to the current time from a plurality of preset authorized user information according to the authority information table;
and determining the login authority of the user to be logged in according to the first target authorized user information and the login user information.
According to a second aspect of the present application, there is provided a rights management apparatus comprising:
the request receiving module is used for receiving a login request, and the login request comprises login user information of a user to be logged in;
the information table calling module is used for calling an authority information table, the authority information table comprises a plurality of pieces of preset authorized user information, and the preset authorized user information is updated according to a preset time period;
the first target information determining module is used for determining first target authorized user information corresponding to the current time from a plurality of preset authorized user information according to the authority information table;
and the first permission determining module is used for determining the login permission of the user to be logged in according to the first target authorized user information and the login user information.
According to a third aspect of the present application, there is provided an electronic device comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform a method of rights management as provided in any of the embodiments of the present application.
According to a fourth aspect of the present application, there is provided a non-transitory computer readable storage medium having stored thereon computer instructions for causing a computer to perform the method of rights management provided by any of the embodiments of the present application.
The technical scheme of the embodiment of the application can be applied to the cloud computing platform, misoperation caused by direct login of the user on the machine is reduced, and service stability is improved.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present application, nor do they limit the scope of the present application. Other features of the present application will become apparent from the following description.
Drawings
The drawings are included to provide a better understanding of the present solution and are not intended to limit the present application. Wherein:
FIG. 1 is a schematic diagram of the architecture of the bastion machine and the machines (servers);
FIG. 2 is a schematic diagram of one implementation according to an embodiment of the present application;
FIG. 3 is a schematic diagram of another implementation consistent with an embodiment of the application;
FIG. 4 is a schematic diagram of yet another implementation consistent with an embodiment of the present application;
FIG. 5 is a diagram of an example of an application according to an embodiment of the present application;
FIG. 6 is a block diagram of a rights management device according to one embodiment of the application;
FIG. 7 is a block diagram of a rights management device according to another embodiment of the application;
FIG. 8 is a block diagram of a rights management device according to yet another embodiment of the present application;
FIG. 9 is a block diagram of an electronic device for implementing a rights management method according to an embodiment of the present application.
Detailed Description
The following description of the exemplary embodiments of the present application, taken in conjunction with the accompanying drawings, includes various details of the embodiments of the application for the understanding of the same, which are to be considered exemplary only. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present application. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
As shown in FIG. 1, in a data center or a cloud platform (e.g., a cloud computing platform), server management and control generally adopts a bastion machine and relay mode. The relay is a tool for connecting to the servers; it supports security authentication, and the authentication method can be set according to each company's specific practice. The bastion machine is a security control machine: all users (such as operation and maintenance personnel) who need to log in to a server must first access the bastion machine, which performs the authority management.
In the related art, an administrator examines and approves the authority a user applies for, and after approval the user holds that authority permanently. This management mode is single, and the security risk of login operations is high. In view of this, the embodiments of the present application provide a rights management method that can be applied to a bastion machine and is described in detail below.
An embodiment of the present application provides a rights management method, as shown in fig. 2, the method includes:
step S201, receiving a login request, wherein the login request comprises login user information of a user to be logged in;
step S202, calling an authority information table, wherein the authority information table comprises a plurality of pieces of preset authorized user information, and the preset authorized user information is updated according to a preset time period;
step S203, determining first target authorized user information corresponding to the current time from a plurality of preset authorized user information according to the authority information table;
and step S204, determining the login authority of the user to be logged in according to the first target authorized user information and the login user information.
The authority management method can be applied to bastion machines. The bastion machine receives a login request sent by a user to be logged in through a terminal device, and the login request includes the login user information of that user. In this embodiment, the user information may be an account number, a user name, a name, or the like.
In one embodiment, the statement that the preset authorized user information is updated according to a preset time period may be understood as follows: the authority information table contains the preset authorized user information for each of several preset time periods. For example, with the week as the preset time period, different preset authorized user information can be set for different weeks of each month; the authority information table is then a weekly duty information table that contains the user information (preset authorized user information) of the person on duty for each preset time period, such as the first week and the second week. As another example, with the month as the preset time period, the user information (preset authorized user information) of different persons on duty can be set for different months of the year.
Further, after the bastion machine receives the login request, a time period corresponding to the current time is determined, and then the corresponding preset authorized user information is determined to serve as the first target authorized user information according to the time period. For example: the authority information table is a weekly duty information table, the time period corresponding to the current time is the second week, and the preset authorized user information corresponding to the second week is used as the first target authorized user information.
Further, the login authority of the user to be logged in is determined according to the first target authorized user information and the login user information. For example: if the first target authorized user information is consistent with the login user information, the user to be logged in is granted login authority; if the first target authorized user information is inconsistent with the login user information, the user to be logged in is not granted login authority.
The method of the embodiment of the application provides a duty-based authority authentication mode; that is, the login authority of the user to be logged in is managed based on an authority information table (duty table). For example, the authority is updated regularly according to the name of the person on duty each week (the preset authorized user information): the person on duty in the current week is granted login authority, and login by persons not on duty is rejected. The method can therefore reduce the security risk brought by login; granting authority in rotation adds auditing of non-permanent authority and reduces the operational problems of permanent authority.
Depending on the number of users, a bastion machine can take over a plurality of machines (servers), from hundreds of machines to tens of thousands of machines. The login request can therefore also include a login service; different login services selected by the user correspond to different machines to log in to.
In one embodiment, the permission information table includes preset authorized user information corresponding to a plurality of preset services respectively. The step S203 may include: and determining first target authorized user information corresponding to the current time and the login service from a plurality of preset authorized user information according to the authority information table.
In one example, the permission information table includes preset authorized user information under each preset service at different preset time periods. Further, after receiving the login request, the bastion machine determines a time period corresponding to the current time, further searches each preset service in the time period, and takes the corresponding preset authorized user information as the first target authorized user information after finding the preset service matched with the login service.
In another example, the preset authorized user information is updated according to a preset time period, which can be understood as: and the authority information table is updated according to the preset time period, so that the preset authorized user information is different in different preset time periods. For example: the authority information table is updated every week, so that the preset authorized user information is updated every week. Further, since the authority information table is updated every week, after the bastion machine receives the login request, the called authority information table already corresponds to the current time, and then in step S203, after the preset service matched with the login service is searched from the authority information table, the corresponding preset authorized user information is obtained, that is, the first target authorized user information corresponding to the current time.
According to the method, different operators on duty can be set for different login services, so that the coverage accuracy of login permission is improved, and the stability of login of the operators on duty is guaranteed.
In one embodiment, as shown in fig. 3, the method implemented by the present application may include:
step S201, receiving a login request, wherein the login request comprises login user information and login service of a user to be logged in;
step S301, acquiring second target authorized user information corresponding to the login service;
step S302, determining the login authority of the user to be logged in according to the second target authorized user information and the login user information.
The second target authorized user information can be arranged in the authority information table and can also be stored in other positions for being called by the bastion machine.
In one example, an emergency contact may be preset for each service, the emergency contact may have a permanent login authority, the user information of the emergency contact is the second target authorized user information, and the login authority of the user to be logged in is determined according to the second target authorized user information and the login user information. For example: under the condition that the second target authorized user information is consistent with the login user information, the login authority of the user to be logged in is granted; and under the condition that the second target authorized user information is inconsistent with the login user information, not granting the login authority to the user to be logged in.
That is to say, the method of the embodiment of the present application provides an authentication method based on an emergency contact, that is, the login authority of the user to be logged in is authenticated by setting the second target authorized user information (such as the user information of the emergency contact). Based on the method, emergency contacts can be set for each service to deal with sudden failures.
In one implementation, as shown in fig. 4, the method of the embodiment of the present application may include:
step S401, receiving an authority opening application, wherein the authority opening application comprises login user information of a user to be logged in;
step S402, determining, according to the login user information, the number of applications made by the user to be logged in within the current time range;
and step S403, setting login authority for the user to be logged in under the condition that the number of applications has not reached the upper limit.
That is, the bastion machine may open a temporary authority. Specifically, a user (who can be the user to be logged in or an applying user) can send an authority opening application to the bastion machine through a terminal device, and the bastion machine determines whether to set login authority for the user according to the user's number of applications in the current time range and the preset upper limit.
The current time range can be the current day, the current week, the current month, and so on. For example, if the range is the current day, the bastion machine sets login authority for the user to be logged in provided that the user's number of applications on the current day has not reached the upper limit.
Further, the authority opening application may also include a time condition and an application service, and setting login authority for the user to be logged in may then include: opening, according to the time condition, temporary login authority for the application service for the user to be logged in.
When submitting the authority opening application, the user can select a time condition, such as an effective duration, and can also select a login service (such as a machine). The bastion machine can then open temporary login authority for that login service for the user, and the effective duration of the temporary login authority is the duration the user selected. Illustratively, the time condition the user can select is limited, for example by a duration limit or a time period limit.
Illustratively, the authority opening application may further include remark information and an indication of whether approval is required. For example, the user to be logged in can select approval; the bastion machine then sends the authority opening application to the device of the approving user and determines whether to set login authority for the user to be logged in according to that user's approval result. The user to be logged in may also select no approval, in which case the bastion machine may notify the administrator (e.g., by mail) to reduce risk.
When the bastion machine sets login authority for the user, it records the application information, thereby providing verifiable data records. The application information can include the various items of information in the authority opening application, and can also include the time at which the bastion machine opened the login authority and the like.
That is to say, the method of the embodiment of the application provides an authentication mode for permission application approval, so that the temporary login permission can be opened for the user, and the permission setting is more flexible on the premise of controlling the risk.
In daily operation and maintenance work, operations a user performs after logging in to a machine are naturally less controllable than operations performed through a tool flow. Back-end services are deployed on the machines, and operation and maintenance users need to log in to a machine for service deployment and fault handling. The method uses the bastion machine as a unified entry point for authority management and control, operation information recording, operation auditing, asset management and the like, which reduces misoperation caused by users logging in to machines directly.
Furthermore, the method of the embodiment of the application manages login authority, grants it through different authentication modes, and handles faults, including login and audit, in a timely manner, so that the possibility of misoperation is reduced and service stability is improved.
FIG. 5 shows an application example of the rights management method according to the embodiment of the present application. As shown in FIG. 5, the user initiates login; for example, the user sends a login request to the bastion machine, and the login request includes the login user information of the user. The bastion machine provides the user with three channels for login authority authentication: the duty-based authentication mode (authority information table), the emergency-contact-based authentication mode (second target authorized user information) and the authority application approval authentication mode. After authentication passes, the user is granted the authority to log in to the machine.
In one embodiment, step S204 may include: under the condition that the first target authorized user information is not matched with the login user information, acquiring second target authorized user information corresponding to the login service; and sending an application prompt under the condition that the second target authorized user information is not matched with the login user information, wherein the application prompt is used for prompting the user to be logged in to carry out permission establishment application.
That is, the above-described three authentication methods may be performed according to the priority setting policy. For example: the bastion machine can determine the login authority of the user to be logged in based on the authentication mode of the authority information table. If the user information of the user to be logged in does not exist in the authority information table, namely the first target authorized user information is not matched with the login user information, the authentication mode based on the emergency contact person is further performed, namely if the second target authorized user information is not matched with the login user information, the user to be logged in is prompted to apply for the login authority through the authentication mode of authority application approval.
The authority management method provided by the embodiment of the application carries out classification authorization aiming at the user authority, automatically matches attributes and reduces potential safety hazards.
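The three checks above (S201 to S204, S301 to S302, S401 to S403), run in the priority order the text gives, as an added Python example that is not code from the patent. The class and field names, the ISO-week roster key, the daily limit of 3, the 4-hour cap and the sample users are assumptions, and the optional approval step is not modelled.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

MAX_APPLICATIONS_PER_DAY = 3      # assumed upper limit for S403
MAX_GRANT = timedelta(hours=4)    # assumed cap on the user-selected duration


@dataclass
class Bastion:
    roster: dict      # (service, ISO year, ISO week) -> set of on-duty users
    emergency: dict   # service -> set of emergency contacts
    grants: dict = field(default_factory=dict)        # (user, service) -> expiry
    applications: dict = field(default_factory=dict)  # (user, date) -> count
    audit: list = field(default_factory=list)         # one record per decision

    def _record(self, now, user, service, outcome):
        # Every decision, allow or deny, is kept as a verifiable record.
        self.audit.append((now.isoformat(), user, service, outcome))
        return outcome

    def login(self, user, service, now):
        """Decide a login request; anything that matches no rule is denied."""
        year, week, _ = now.isocalendar()
        # S203/S204: first target authorized users for this period and service.
        # Access lapses on its own when the period rolls over.
        if user in self.roster.get((service, year, week), set()):
            return self._record(now, user, service, "allow:duty")
        # S301/S302: second target authorized users (emergency contacts).
        if user in self.emergency.get(service, set()):
            return self._record(now, user, service, "allow:emergency")
        # Assumed here: an unexpired temporary grant from apply() is honoured.
        expiry = self.grants.get((user, service))
        if expiry is not None and now < expiry:
            return self._record(now, user, service, "allow:temporary")
        # Neither list matched: deny and prompt for an authority application.
        return self._record(now, user, service, "deny:prompt-application")

    def apply(self, user, service, duration, now):
        """S401-S403: rate-limited, time-boxed temporary login authority."""
        key = (user, now.date())
        count = self.applications.get(key, 0)
        if count >= MAX_APPLICATIONS_PER_DAY:
            return self._record(now, user, service, "apply:limit-reached")
        self.applications[key] = count + 1   # every accepted submission counts
        if not timedelta(0) < duration <= MAX_GRANT:
            return self._record(now, user, service, "apply:bad-duration")
        self.grants[(user, service)] = now + duration
        return self._record(now, user, service, "apply:granted")


def demo():
    # Constructed sample data: alice is on duty in ISO week 10 of 2024,
    # bob in week 11, carol is the emergency contact for "billing".
    b = Bastion(
        roster={("billing", 2024, 10): {"alice"},
                ("billing", 2024, 11): {"bob"}},
        emergency={"billing": {"carol"}},
    )
    t = datetime(2024, 3, 5, 9, 0)   # falls in ISO week 10
    return [
        b.login("alice", "billing", t),
        b.login("carol", "billing", t),
        b.login("bob", "billing", t),
        b.apply("bob", "billing", timedelta(hours=1), t),
        b.login("bob", "billing", t + timedelta(minutes=30)),
        b.login("bob", "billing", t + timedelta(hours=2)),
        b.login("alice", "billing", t + timedelta(days=7)),
        b.login("bob", "billing", t + timedelta(days=7)),
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The last two logins in `demo()` show the roster rotation: one week later alice is denied and bob is allowed, with no revocation step.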
The embodiment of the present application further provides a rights management device, which may be applied to a bastion machine, as shown in fig. 6, the device includes:
a request receiving module 601, configured to receive a login request, where the login request includes login user information of a user to be logged in;
the information table calling module 602 is configured to call a permission information table, where the permission information table includes a plurality of pieces of preset authorized user information, and the preset authorized user information is updated according to a preset time period;
a first target information determining module 603, configured to determine, according to the permission information table, first target authorized user information corresponding to the current time from multiple pieces of preset authorized user information;
the first authority determining module 604 is configured to determine a login authority of a user to be logged in according to the first target authorized user information and the login user information.
In an embodiment, the login request further includes a login service, the authority information table includes preset authorized user information corresponding to a plurality of preset services, and the first target information determining module 603 is further configured to:
and determining first target authorized user information corresponding to the current time and the login service from a plurality of preset authorized user information according to the authority information table.
In an embodiment, the login request further includes a login service, as shown in fig. 7, the rights management apparatus further includes:
a second target information obtaining module 701, configured to obtain second target authorized user information corresponding to the login service;
the second authority determining module 702 is further configured to determine the login authority of the user to be logged in according to the second target authorized user information and the login user information.
In one embodiment, as shown in fig. 7, the rights management apparatus further includes:
an authority application module 703, configured to receive an authority establishment application, where the authority establishment application includes information of a login user;
an application frequency determining module 704, configured to determine, according to the login user information, the application frequency of the user to be logged in within the current time range;
the authority setting module 705 is configured to set a login authority for the user to be logged in when the number of applications does not reach the upper limit number.
In an embodiment, the permission establishment application further includes a time condition and an application service, and the permission establishment module 705 is further configured to establish a temporary login permission for the application service for the user to be logged in according to the time condition.
In one embodiment, as shown in FIG. 8, the first privilege determination module 604 comprises:
a second target information obtaining sub-module 801, configured to obtain second target authorized user information corresponding to the login service when the first target authorized user information does not match the login user information;
and an application prompt sending submodule 802, configured to send an application prompt under the condition that the second target authorized user information is not matched with the login user information, where the application prompt is used to prompt the user to be logged in to perform an authority opening application.
The functions of each module in each apparatus in the embodiment of the present application may refer to corresponding descriptions in the above method, and are not described herein again.
According to an embodiment of the present application, an electronic device and a readable storage medium are also provided.
Fig. 9 is a block diagram of an electronic device according to the rights management method of the embodiment of the application. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the present application that are described and/or claimed herein.
As shown in FIG. 9, the electronic device includes: one or more processors 901, memory 902, and interfaces for connecting the various components, including a high-speed interface and a low-speed interface. The various components are interconnected using different buses and may be mounted on a common motherboard or in other manners as desired. The processor may process instructions for execution within the electronic device, including instructions stored in or on the memory to display graphical information of a GUI on an external input/output apparatus (such as a display device coupled to the interface). In other embodiments, multiple processors and/or multiple buses may be used, along with multiple memories, as desired. Also, multiple electronic devices may be connected, with each device providing portions of the necessary operations (e.g., as a server array, a group of blade servers, or a multi-processor system). FIG. 9 takes one processor 901 as an example.
Memory 902 is a non-transitory computer readable storage medium as provided herein. The memory stores instructions executable by at least one processor, so that the at least one processor executes the rights management method provided by the application. A non-transitory computer-readable storage medium of the present application stores computer instructions for causing a computer to perform the rights management method provided herein.
The memory 902, which is a non-transitory computer-readable storage medium, may be used to store non-transitory software programs, non-transitory computer-executable programs, and modules, such as program instructions/modules corresponding to the rights management method in the embodiment of the present application (for example, the request receiving module 601, the information table calling module 602, and the first target information determining module 603 shown in fig. 6). The processor 901 executes various functional applications of the server and data processing by running non-transitory software programs, instructions, and modules stored in the memory 902, that is, implements the rights management method in the above-described method embodiments.
The memory 902 may include a program storage area and a data storage area, wherein the program storage area may store an operating system and an application program required for at least one function; the data storage area may store data created according to the use of the electronic device for rights management, and the like. Further, the memory 902 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 902 may optionally include memory located remotely from the processor 901, which may be connected to the electronic device for rights management over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The electronic device for the rights management method may further include: an input device 903 and an output device 904. The processor 901, the memory 902, the input device 903 and the output device 904 may be connected by a bus or other means, and fig. 9 illustrates the connection by a bus as an example.
The input device 903 may receive input numeric or character information and generate key signal inputs related to user settings and function control of the electronic device for rights management; examples include a touch screen, keypad, mouse, track pad, touch pad, pointer stick, one or more mouse buttons, track ball, joystick, or other input device. The output devices 904 may include a display device, auxiliary lighting devices (e.g., LEDs), tactile feedback devices (e.g., vibrating motors), and the like. The display device may include, but is not limited to, a Liquid Crystal Display (LCD), a Light Emitting Diode (LED) display, and a plasma display. In some implementations, the display device can be a touch screen.
Various implementations of the systems and techniques described here can be realized in digital electronic circuitry, integrated circuitry, ASICs (application specific integrated circuits), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
These computer programs (also known as programs, software applications, or code) include machine instructions for a programmable processor, and may be implemented using high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. As used herein, the terms "machine-readable medium" and "computer-readable medium" refer to any computer program product, apparatus, and/or device (e.g., magnetic discs, optical disks, memory, Programmable Logic Devices (PLDs)) used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as a machine-readable signal. The term "machine-readable signal" refers to any signal used to provide machine instructions and/or data to a programmable processor.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so as to solve the defects of high management difficulty and weak service expansibility in the traditional physical host and Virtual Private Server (VPS) service. The server may also be a server of a distributed system, or a server incorporating a blockchain.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present application may be executed in parallel, sequentially, or in different orders, as long as the desired results of the technical solutions disclosed in the present application can be achieved, which is not limited herein.
The above-described embodiments should not be construed as limiting the scope of the present application. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (14)

1. A method of rights management, comprising:
receiving a login request, wherein the login request comprises login user information of a user to be logged in;
calling an authority information table, wherein the authority information table comprises a plurality of pieces of preset authorized user information, and the preset authorized user information is updated according to a preset time period;
determining first target authorized user information corresponding to the current time from the preset authorized user information according to the authority information table;
and determining the login authority of the user to be logged in according to the first target authorized user information and the login user information.
2. The method according to claim 1, wherein the login request further includes a login service, the authority information table includes preset authorized user information corresponding to a plurality of preset services, respectively, and the determining, according to the authority information table, the first target authorized user information corresponding to the current time from the plurality of preset authorized user information includes:
and determining first target authorized user information corresponding to the current time and the login service from the preset authorized user information according to the authority information table.
3. The method of claim 1, wherein the login request further includes a login service, the method further comprising:
acquiring second target authorized user information corresponding to the login service;
and determining the login authority of the user to be logged in according to the second target authorized user information and the login user information.
4. The method of claim 1, further comprising:
receiving a permission opening application, wherein the permission opening application comprises the login user information;
determining, according to the login user information, the number of applications made by the user to be logged in within the current time range;
and under the condition that the number of applications has not reached the upper limit, setting login permission for the user to be logged in.
5. The method according to claim 4, wherein the permission opening application further includes a time condition and an application service, and the setting of login permission for the user to be logged in includes:
and setting, according to the time condition, temporary login authority for the application service for the user to be logged in.
6. The method of claim 2, wherein determining the login authority of the user to be logged in according to the first target authorized user information and the login user information comprises:
under the condition that the first target authorized user information is not matched with the login user information, second target authorized user information corresponding to the login service is obtained;
and sending an application prompt under the condition that the second target authorized user information is not matched with the login user information, wherein the application prompt is used for prompting the user to be logged in to carry out permission opening application.
7. A rights management device comprising:
the request receiving module is used for receiving a login request, wherein the login request comprises login user information of a user to be logged in;
the information table calling module is used for calling an authority information table, wherein the authority information table comprises a plurality of pieces of preset authorized user information, and the preset authorized user information is updated according to a preset time period;
the first target information determining module is used for determining first target authorized user information corresponding to the current time from the preset authorized user information according to the authority information table;
and the first permission determining module is used for determining the login permission of the user to be logged in according to the first target authorized user information and the login user information.
8. The apparatus according to claim 7, wherein the login request further includes a login service, the permission information table includes preset authorized user information corresponding to a plurality of preset services, and the first target information determining module is further configured to:
and determining first target authorized user information corresponding to the current time and the login service from the preset authorized user information according to the authority information table.
9. The apparatus of claim 7, wherein the login request further includes a login service, the apparatus further comprising:
the second target information acquisition module is used for acquiring second target authorized user information corresponding to the login service;
and the second permission determining module is used for determining the login permission of the user to be logged in according to the second target authorized user information and the login user information.
10. The apparatus of claim 7, further comprising:
the authority application module is used for receiving a permission opening application, wherein the permission opening application comprises the login user information;
the application frequency determining module is used for determining, according to the login user information, the number of applications made by the user to be logged in within the current time range;
and the authority setting module is used for setting login authority for the user to be logged in under the condition that the number of applications has not reached the upper limit.
11. The apparatus of claim 10, wherein the permission opening application further includes a time condition and an application service, and the authority setting module is further configured to:
and setting, according to the time condition, temporary login authority for the application service for the user to be logged in.
12. The apparatus of claim 8, wherein the first permission determination module comprises:
the second target information acquisition sub-module is used for acquiring second target authorized user information corresponding to the login service under the condition that the first target authorized user information is not matched with the login user information;
and the application prompt sending submodule is used for sending an application prompt under the condition that the second target authorized user information is not matched with the login user information, wherein the application prompt is used for prompting the user to be logged in to carry out permission opening application.
13. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-6.
14. A non-transitory computer readable storage medium having stored thereon computer instructions for causing a computer to perform the method of any one of claims 1-6.
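The decision flow of claims 1 to 6, as an added Python example (not code from the patent or its applicant). The class names, the table layout, the half-open shift interval, the sliding 24-hour window with a limit of 2, and the choice to check temporary grants together with the per-service list are assumptions; users, services and times are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Shift:
    """One row of the authority information table (layout is an assumption)."""
    service: str
    start: datetime   # inclusive
    end: datetime     # exclusive: at hand-over the next row takes effect
    users: frozenset

class AuthorityManager:
    def __init__(self, table, standing, max_applications=2, window=timedelta(hours=24)):
        self.table = list(table)
        self.standing = {s: set(u) for s, u in standing.items()}
        self.max_applications = max_applications  # upper limit (claim 4)
        self.window = window                      # "current time range" (claim 4)
        self.applications = []                    # (user, submitted_at)
        self.grants = []                          # (user, service, expires_at)

    def first_target(self, service, now):
        """Claims 1-2: users scheduled for this service at the current time."""
        return {u for row in self.table
                if row.service == service and row.start <= now < row.end
                for u in row.users}

    def second_target(self, service, now):
        """Claim 3: users authorized for the service, plus unexpired grants."""
        temp = {u for u, s, exp in self.grants if s == service and now < exp}
        return self.standing.get(service, set()) | temp

    def check_login(self, user, service, now):
        """Claim 6 order: schedule, then service list, else prompt to apply."""
        if user in self.first_target(service, now):
            return "allow:schedule"
        if user in self.second_target(service, now):
            return "allow:service"
        return "deny:prompt-application"  # unknown services also end up here

    def apply(self, user, service, duration, now):
        """Claims 4-5: temporary, service-scoped grant, limited per window."""
        recent = [t for u, t in self.applications
                  if u == user and now - t < self.window]
        if len(recent) >= self.max_applications:
            return False
        self.applications.append((user, now))
        self.grants.append((user, service, now + duration))
        return True

def demo():
    """Run the flow on constructed sample data (two 8-hour shifts)."""
    t0 = datetime(2020, 11, 25, 8, 0, tzinfo=timezone.utc)
    h = timedelta(hours=1)
    m = AuthorityManager(
        table=[Shift("db-admin", t0, t0 + 8 * h, frozenset({"alice"})),
               Shift("db-admin", t0 + 8 * h, t0 + 16 * h, frozenset({"bob"}))],
        standing={"db-admin": {"carol"}})
    return {
        "alice_at_handover": m.check_login("alice", "db-admin", t0 + 8 * h),
        "bob_at_handover": m.check_login("bob", "db-admin", t0 + 8 * h),
        "carol_standing": m.check_login("carol", "db-admin", t0 + 20 * h),
        "apply_1": m.apply("dave", "db-admin", 2 * h, t0 + h),
        "dave_granted": m.check_login("dave", "db-admin", t0 + 2 * h),
        "dave_other_service": m.check_login("dave", "web", t0 + 2 * h),
        "dave_expired": m.check_login("dave", "db-admin", t0 + 3 * h),
        "apply_2": m.apply("dave", "db-admin", 2 * h, t0 + 4 * h),
        "apply_3": m.apply("dave", "db-admin", 2 * h, t0 + 5 * h),
        "apply_next_day": m.apply("dave", "db-admin", 2 * h, t0 + 26 * h),
    }
```

Passing `now` explicitly keeps every decision reproducible in tests and lets an audit log record the exact instant used for the lookup.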
CN202011345652.0A 2020-11-25 2020-11-25 Authority management method, device, equipment and storage medium Pending CN112328985A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011345652.0A CN112328985A (en) 2020-11-25 2020-11-25 Authority management method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN112328985A true CN112328985A (en) 2021-02-05

Family

ID=74308802

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011345652.0A Pending CN112328985A (en) 2020-11-25 2020-11-25 Authority management method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112328985A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105337974A (en) * 2015-10-28 2016-02-17 腾讯科技(深圳)有限公司 Account authorization method, account login method, account authorization device and client end
CN105423481A (en) * 2015-10-30 2016-03-23 广东美的制冷设备有限公司 Air conditioner control method and system based on temporary operating authorization
CN105610781A (en) * 2015-10-23 2016-05-25 宇龙计算机通信科技(深圳)有限公司 Control method of intelligent household equipment, control apparatus and terminal thereof
CN108023873A (en) * 2017-11-08 2018-05-11 深圳市文鼎创数据科技有限公司 channel establishing method and terminal device
CN110298149A (en) * 2019-05-22 2019-10-01 深圳壹账通智能科技有限公司 Account permission locking means, device, computer equipment and storage medium

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113204344A (en) * 2021-05-28 2021-08-03 中国工商银行股份有限公司 Information acquisition method and device for front-end development
CN113204344B (en) * 2021-05-28 2024-04-19 中国工商银行股份有限公司 Information acquisition method and device for front-end development
CN113904880A (en) * 2021-12-10 2022-01-07 云丁网络技术(北京)有限公司 Authorization method of Internet of things equipment, and generation method and device of authorization identifier table
CN114422182A (en) * 2021-12-13 2022-04-29 以萨技术股份有限公司 Unified identity management platform
CN114422182B (en) * 2021-12-13 2024-01-16 以萨技术股份有限公司 Unified identity management platform
CN114978677A (en) * 2022-05-20 2022-08-30 中国电信股份有限公司 Asset access control method, device, electronic equipment and computer readable medium

Similar Documents

Publication Publication Date Title
CN112328985A (en) Authority management method, device, equipment and storage medium
US11102215B2 (en) Graphical user interface privacy, security and anonymization
CN111930852B (en) Data processing method, device and equipment based on block chain and storage medium
CN110826992A (en) Block chain-based government affair information processing method, device, equipment and medium
US11611665B1 (en) Support services for virtual data centers
US8185550B1 (en) Systems and methods for event-based provisioning of elevated system privileges
CN111666578A (en) Data management method and device, electronic equipment and computer readable storage medium
CN112910904B (en) Login method and device of multi-service system
CN111965996A (en) Intelligent device control method, device, equipment and storage medium
CN113014424B (en) Cloud platform management method and device, electronic equipment and storage medium
CN112016068A (en) Account control method, device, equipment and computer readable storage medium
CN112527252A (en) Applet management method and device, applet platform, electronic device and medium
CN113361838A (en) Business wind control method and device, electronic equipment and storage medium
Jelacic et al. Security risk assessment-based cloud migration methodology for smart grid OT services
CN112069490A (en) Method, device, electronic equipment and storage medium for providing applet capability
CN112565225B (en) Method and device for data transmission, electronic equipment and readable storage medium
US20180139244A1 (en) Management of actions initiated by applications in client devices
CN112000880A (en) Push message processing method and device, electronic equipment and readable storage medium
KR20210046979A (en) Method to Provide Application Security Service Based on Cloud Computing
CN114422182B (en) Unified identity management platform
CN116170274A (en) Web application access method, device, system and computing equipment
CN115688133A (en) Data processing method, device, equipment and storage medium
US11784996B2 (en) Runtime credential requirement identification for incident response
CN113934494A (en) Cloud desktop management method and device, electronic equipment and storage medium
US10601959B2 (en) System and method for managing virtual environments in an infrastructure

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination