CN113065122A - Temporary authority management method, device and computer readable medium - Google Patents

Publication number: CN113065122A
Application number: CN202110355239.0A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 房苇苇
Current Assignee: Shandong Inspur Genersoft Information Technology Co Ltd
Original Assignee: Shandong Inspur Genersoft Information Technology Co Ltd
Prior art keywords: user, role, score, temporary, authority

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/45: Structures or tools for the administration of authentication
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2113: Multi-level security, e.g. mandatory access control
    • G06F2221/2137: Time limited access, e.g. to a computer or data
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention provides a temporary authority management method, a temporary authority management device and a computer readable medium. Temporary roles and their corresponding authorities are added in advance to a role authority table, which stores each role and its corresponding authorities. The method comprises: receiving a temporary role application sent by a user, wherein the temporary role application comprises the temporary authority applied for by the user and the ID of the user; determining the current role of the user from a preset user role table by using the ID, wherein the user role table comprises the ID of each user and the corresponding role; determining, according to the role authority table, whether the authority of the current role includes the temporary authority; if not, judging whether the credibility of the user allows the user to apply for the temporary role; and if so, adding the temporary role for the user in the user role table so that the user obtains the temporary authority. The scheme of the invention can perform temporary authority management for a single user.

Description

Temporary authority management method, device and computer readable medium
Technical Field
The present invention relates to the field of internet technologies, and in particular, to a temporary rights management method, device, and computer readable medium.
Background
Currently, rights management is basically performed through the Role-Based Access Control (RBAC) model, in which the access rights granted to a user are generally determined by the role the user plays. In RBAC, permissions are granted to roles and roles are granted to users; permissions are managed uniformly by an administrator, and access authorization and control follow the role of the user in the organization.
However, when a user needs to temporarily acquire the authority that the user does not have, such as in the face of some emergency, if the user is authorized by modifying the authority of the role, all users acting in the role will be authorized; therefore, at present, the temporary authority cannot be managed for a single user.
Disclosure of Invention
The embodiment of the invention provides a temporary authority management method, a temporary authority management device and a computer readable medium, which can perform temporary authority management aiming at a single user.
In a first aspect, an embodiment of the present invention provides a temporary rights management method, including: adding temporary roles and corresponding authorities thereof in a role authority table in advance, wherein the role authority table stores the roles and the corresponding authorities thereof, and the method further comprises the following steps:
receiving a temporary role application sent by a user, wherein the temporary role application comprises a temporary authority applied by the user and an ID of the user;
determining the current role of the user according to a preset user role table by using the ID, wherein the user role table comprises the ID of each user and the corresponding role thereof;
determining whether the authority of the current role comprises the temporary authority or not according to the role authority table;
if not, judging whether the credibility of the user can apply for the temporary role or not;
and if so, adding the temporary role for the user in the user role table so as to enable the user to obtain the temporary authority.
Preferably,
the judging whether the credibility of the user can apply for the temporary role comprises the following steps:
reading a pre-established user attribute table, wherein the user attribute table comprises the attribute score of each user, and acquiring the target attribute score of the user;
carrying out weighted summation according to the target attribute score to determine the credibility score of the user;
when the credibility score is larger than a preset threshold value, adding the temporary role for the user in the user role table;
and when the credibility score is not greater than a preset threshold value, rejecting the temporary role application of the user.
Preferably,
the attribute score comprises a skill score, an experience value score, and a credit score;
the weighted summation according to the target attribute score to determine the credibility score of the user comprises:
calculating the credibility score by the following first equation:
W=a×A+b×B+c×C
wherein W is the credibility score; A, B, C are the skill score, the experience value score, and the credit score, respectively; a, b, c are the weighting coefficients of the skill score, the experience value score and the credit score, respectively; the skill score A is obtained from the user's skill level certification; the experience value score B is obtained from the number of events the user has handled and the success rate of handling them; the credit score C is derived from the user's history of credit violations, loyalty behavior, and future credit assessments.
Preferably,
further comprising:
when a preset condition is reached, deleting the temporary role of the user in the user role table; the preset conditions include: the user actively applies for deleting the temporary role, the time for the user to obtain the temporary role reaches a preset time threshold value and/or the user has abnormal behaviors.
Preferably,
the preset time threshold is obtained according to the registration information of the user;
the temporary role application comprises application time representing the time when the user expects to obtain the temporary role;
after receiving a temporary role application sent by a user, before determining the current role of the user according to a preset user role table, the method further comprises:
determining whether the application time exceeds the time threshold;
if so, determining the current role of the user according to a preset user role table;
if not, the temporary role application of the user is rejected.
In a second aspect, an embodiment of the present invention provides a temporary rights management apparatus according to any one of the above first aspects, including:
the receiving module is used for receiving a temporary role application sent by a user, wherein the temporary role application comprises a temporary authority applied by the user and an ID of the user;
the determining module is used for determining the current role of the user according to a preset user role table by using the ID, wherein the user role table comprises the ID of each user and the corresponding role;
the processing module is used for determining whether the authority of the current role comprises the temporary authority or not according to the current role and the authority of the current role stored in the role table; if not, judging whether the credibility of the user can apply for the temporary role or not; and if so, adding the temporary role for the user in the user role table so as to enable the user to obtain the temporary authority.
Preferably,
the processing module, when executing the judgment whether the credibility of the user can apply for the temporary role, specifically executes:
reading a pre-established user attribute table, wherein the user attribute table comprises the attribute score of each user, and acquiring the target attribute score of the user;
carrying out weighted summation according to the target attribute score to determine the credibility score of the user;
when the credibility score is larger than a preset threshold value, adding the temporary role for the user in the user role table;
and when the credibility score is not greater than a preset threshold value, rejecting the temporary role application of the user.
Preferably,
when the attribute score includes a skill score, an experience value score and a credit score, the processing module, when performing the weighted summation according to the target attribute score to determine the credibility score of the user, specifically performs:
calculating the credibility score by the following first equation:
W=a×A+b×B+c×C
wherein W is the credibility score; A, B, C are the skill score, the experience value score, and the credit score, respectively; a, b, c are the weighting coefficients of the skill score, the experience value score and the credit score, respectively; the skill score A is obtained from the user's skill level certification; the experience value score B is obtained from the number of events the user has handled and the success rate of handling them; the credit score C is derived from the user's history of credit violations, loyalty behavior, and future credit assessments.
In a third aspect, an embodiment of the present invention provides a temporary rights management apparatus, including: at least one memory and at least one processor;
the at least one memory to store a machine readable program;
the at least one processor is configured to invoke the machine-readable program to perform the temporary rights management method according to any of the first aspect.
In a fourth aspect, an embodiment of the present invention provides a computer-readable medium, on which computer instructions are stored, and when executed by a processor, the computer instructions cause the processor to execute the temporary rights management method according to any one of the first aspect.
The embodiment of the invention provides a temporary authority management method, a temporary authority management device and a computer readable medium. In authority management, each role and its corresponding authorities are usually determined through a role authority table; here, in addition to the existing roles, a temporary role is added separately and its corresponding authorities are determined. A temporary role application sent by a user is received, which comprises the temporary authority the user wants to apply for and the ID of the user. First, the role of the user is determined from a preset user role table according to the ID, and the role authority table is used to determine, through that role, whether the user already has the temporary authority; if so, no application is needed. If the user does not have the temporary authority, then, to ensure security, it is judged whether the credibility of the user allows the user to additionally apply for a temporary role; if so, a temporary role is added for the user in the user role table and the user obtains the temporary authority. Because the scheme sets up the temporary role separately, there is no need to change the authority of a role, which would change the authorities of all users of that role, and no need to change the roles of the user. A single user can therefore obtain, in an emergency, some authorities that the user does not ordinarily possess in order to resolve the emergency, and temporary authority management for a single user is realized.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow chart of a temporary rights management method provided by an embodiment of the invention;
FIG. 2 is a schematic diagram of a temporary rights management apparatus according to an embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention, and based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without creative efforts belong to the scope of the present invention.
As previously mentioned, rights management is currently accomplished primarily through the Role-Based Access Control (RBAC) model, in which the access rights granted to a user are typically determined by the role the user plays. In RBAC, permissions are granted to roles and roles are granted to users; permissions are managed uniformly by an administrator, and access authorization and control follow the role of the user in the organization. However, when a user needs to temporarily acquire an authority that the user does not have, such as in the face of some emergency, if the user is authorized by modifying the authority of the role, all users acting in the role will be authorized; therefore, at present, the temporary authority cannot be managed for a single user.
The temporary right management method, apparatus and computer readable medium according to various embodiments of the present invention are described in detail below with reference to the accompanying drawings.
As shown in fig. 1, an embodiment of the present invention provides a temporary rights management method, which includes the following steps:
Step 101: adding temporary roles and corresponding authorities thereof in a role authority table in advance, wherein the role authority table stores all the roles and the corresponding authorities thereof;
Step 102: receiving a temporary role application sent by a user, wherein the temporary role application comprises a temporary authority applied by the user and an ID of the user;
Step 103: determining the current role of the user according to a preset user role table by using the ID, wherein the user role table comprises the ID of each user and the corresponding role thereof;
Step 104: determining whether the authority of the current role comprises the temporary authority according to the role authority table; if so, executing step 107; if not, executing step 105;
Step 105: judging whether the credibility of the user can apply for the temporary role; if so, executing step 106;
Step 106: adding the temporary role for the user in the user role table so that the user obtains the temporary authority;
Step 107: rejecting the temporary role application.
In the embodiment of the invention, each role and its corresponding authorities are usually determined through a role authority table; here, in addition to the existing roles, a temporary role is added separately and its corresponding authorities are determined. A temporary role application sent by a user is received, which comprises the temporary authority the user wants to apply for and the ID of the user. First, the role of the user is determined from a preset user role table according to the ID, and the role authority table is used to determine, through that role, whether the user already has the temporary authority; if so, no application is needed. If the user does not have the temporary authority, then, to ensure security, it is judged whether the credibility of the user allows the user to additionally apply for a temporary role; if so, a temporary role is added for the user in the user role table and the user obtains the temporary authority. Because the scheme sets up the temporary role separately, there is no need to change the authority of a role, which would change the authorities of all users of that role, and no need to change the roles of the user. A single user can therefore obtain, in an emergency, some authorities that the user does not ordinarily possess in order to resolve the emergency, and temporary authority management for a single user is realized. A basic RBAC framework comprising users, roles, authorities and constraints is established. On the basis of this framework, user attributes are added for users, and a temporary role is added alongside the general role and the administrator role; the temporary role is bound to the authorities needed to handle emergencies and is used for handling them.
Specifically, the present invention provides an improved RBAC permission management method that allows a user to go beyond the limits of the user's regular permissions in an emergency, so that the emergency can be handled quickly. First, a role table is established, and the role hierarchy is realized by storing parent IDs. The role hierarchy can be divided according to the organizational role structure and authority responsibilities. In addition to the general role and the system administrator role, a temporary role is added, which is enabled when handling emergencies. A user role table associating users with roles is established; it stores the user ID and the role ID, and the relationship is many-to-many, that is, one user may be assigned multiple roles and one role may be assigned to multiple users. If a role hierarchy exists, the permissions owned by the user are the set of all permissions of the user's role and its subordinate roles. A role authority table is established; it stores the permission ID and the role ID, and the relationship is also many-to-many, that is, one permission may be granted to multiple roles and one role may be granted multiple permissions. When a role that has a hierarchical relationship is granted permissions, it is granted only the permissions that its subordinate roles do not have, which avoids duplicate storage. After a user establishes a session, the system acquires the current user ID, acquires all roles of the current user from the user role table, and acquires the set of permissions of those roles from the role authority table, which yields all operating permissions of the user for this session.
In an embodiment of the present invention, the determining whether the credibility of the user can apply for the temporary role includes:
reading a pre-established user attribute table, wherein the user attribute table comprises the attribute score of each user, and acquiring the target attribute score of the user;
carrying out weighted summation according to the target attribute score to determine the credibility score of the user;
when the credibility score is larger than a preset threshold value, adding the temporary role for the user in the user role table;
and when the credibility score is not greater than a preset threshold value, rejecting the temporary role application of the user.
Specifically, granting a user permissions that the user did not previously have, without first determining the user's trustworthiness, may cause a security problem. Therefore, a user attribute table is established in advance and associated with the user table by user ID. This table is not used in ordinary situations; it is used to determine the trustworthiness of the user in emergencies. The credibility of the user is determined from the user's quantified attributes and then compared with a credibility standard preset in the system; if the credibility of the user reaches the specified standard, a temporary role can be granted.
In an embodiment of the invention, the attribute score comprises a skill score, an experience score, and a credit score;
the weighted summation according to the target attribute score to determine the credibility score of the user comprises:
calculating the credibility score by the following first equation:
W=a×A+b×B+c×C
wherein W is the credibility score; A, B, C are the skill score, the experience value score, and the credit score, respectively; a, b, c are the weighting coefficients of the skill score, the experience value score and the credit score, respectively; the skill score A is obtained from the user's skill level certification; the experience value score B is obtained from the number of events the user has handled and the success rate of handling them; the credit score C is derived from the user's history of credit violations, loyalty behavior, and future credit assessments.
Specifically, the user attribute table may include a skill score, an experience score, and a credit score according to actual needs. The skill score may quantify a user's ability to address an emergency, the experience score may quantify a user's experience in handling emergencies, and the credit score may quantify whether a user's historical behavior meets specifications. For example, a user finds an emergency that the user's operating permissions are insufficient to handle, and applies for a temporary role. The system then acquires the current user ID, queries the user's skill score, experience value score and credit score in the user attribute table, and obtains the user's credibility through a preset weighting algorithm. If the three attributes are a skill score of 6, an experience score of 8, and a credit score of 9, with weights of 0.4, 0.3, and 0.3 respectively, the credibility calculated for the user is 7.5. The system may define credibility level parameters that bound who can handle general, emergency, and special cases. For example, the general credibility level is 5, the intermediate credibility level is 7, and the high credibility level is 9. This user reaches the intermediate credibility level and can handle the emergency. The high credibility level may be used in special situations, for example when the current emergency is too complex and must be dealt with by users whose credibility is greater than 9, that is, users with very high skill, experience, and credit scores.
In an embodiment of the present invention, the method further includes: when a preset condition is reached, deleting the temporary role of the user in the user role table; the preset conditions include: the user actively applies for deleting the temporary role, the time for the user to obtain the temporary role reaches a preset time threshold value and/or the user has abnormal behaviors.
Specifically, when the user obtains the temporary role, a record binding the temporary role to the user is added in the user role table. The temporary role is bound to the operating permissions needed to handle the emergency, so the user obtains these permissions and can proceed to handle the emergency. After the user finishes handling the emergency, the user can actively apply to delete the temporary role; the temporary role of the user is deleted automatically when the time threshold is reached; and the temporary role of the user is deleted when the user behaves abnormally while using it. Deleting the temporary role requires the administrator to reclaim it, which deletes the record of the emergency role in the user role table.
In an embodiment of the present invention, the preset time threshold is obtained according to registration information of the user;
the temporary role application comprises application time representing the time when the user expects to obtain the temporary role;
after receiving a temporary role application sent by a user, before determining the current role of the user according to a preset user role table, the method further comprises the following steps:
determining whether the application time exceeds the time threshold;
if so, determining the current role of the user according to a preset user role table;
if not, the temporary role application of the user is rejected.
Specifically, the time for which a user can apply for the temporary role can be determined according to the registration information of the user. If the user is a new user who has never dealt with an emergency before, or if the user's information is incomplete or abnormal, the time for which the user obtains the temporary role can be reduced accordingly. If the user is experienced in dealing with emergencies, the time for which the user obtains the temporary role may be increased appropriately. When a user applies for a temporary role, it is judged whether the time expected by the user exceeds the maximum time for which the user may obtain the temporary role; if so, the user cannot obtain the temporary role. In addition, to ensure security, a temporary role use history table can be established to record information such as the time the emergency occurred, the user ID, the processing time and the emergency role ID. This information is used for later post-incident review, and the attributes used to calculate the credibility of the user can be adjusted according to the result of handling the emergency, which improves the security of the system.
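The method embodiment described above (steps 101 to 107, the weighted credibility score, the time threshold, revocation and the use history table), as an added Python example that is not part of the patent text. Role and permission names, table contents, the threshold of 7 and all function names are constructed assumptions; the duration check follows the explanatory paragraph above (a request longer than the user's maximum is rejected), and expiry is enforced whenever permissions are computed as well as by the sweep.

```python
from dataclasses import dataclass, field

TEMP_ROLE = "temp_emergency"
# Role table with parent IDs: a role also holds its subordinates' permissions.
ROLE_PARENT = {"supervisor": None, "operator": "supervisor", TEMP_ROLE: None}
# Role authority table; the temporary role is added in advance (step 101).
ROLE_PERMS = {
    "operator": {"view_alarm"},
    "supervisor": {"ack_alarm"},  # stores only what its subordinates lack
    TEMP_ROLE: {"restart_service", "isolate_host"},
}
WEIGHTS = {"skill": 0.4, "experience": 0.3, "credit": 0.3}  # a, b, c
THRESHOLD = 7.0  # assumed: the "intermediate" level from the text


@dataclass
class Store:
    user_roles: dict   # user role table: user ID -> set of role IDs
    attributes: dict   # user attribute table: user ID -> A, B, C scores
    max_seconds: dict  # per-user time threshold for holding the temp role
    temp_grants: dict = field(default_factory=dict)  # user ID -> expiry time
    history: list = field(default_factory=list)      # temporary role use history


def sample_store():
    """Constructed sample data, not taken from the patent."""
    return Store(
        user_roles={"u1": {"operator"}, "u2": {"operator"}, "u3": {"supervisor"}},
        attributes={
            "u1": {"skill": 6, "experience": 8, "credit": 9},
            "u2": {"skill": 5, "experience": 6, "credit": 7},
            "u3": {"skill": 9, "experience": 9, "credit": 9},
        },
        max_seconds={"u1": 3600, "u2": 900, "u3": 7200},
    )


def role_permissions(role):
    """Own permissions plus those of every subordinate role."""
    perms = set(ROLE_PERMS.get(role, ()))
    for child, parent in ROLE_PARENT.items():
        if parent == role:
            perms |= role_permissions(child)
    return perms


def effective_permissions(store, user_id, now):
    """Session permissions; an expired temporary grant never counts."""
    perms = set()
    for role in store.user_roles.get(user_id, ()):
        perms |= role_permissions(role)
    expiry = store.temp_grants.get(user_id)
    if expiry is not None and now < expiry:
        perms |= role_permissions(TEMP_ROLE)
    return perms


def credibility(attrs):
    """W = a*A + b*B + c*C."""
    return sum(WEIGHTS[k] * attrs[k] for k in WEIGHTS)


def apply_temp_role(store, user_id, permission, seconds, now):
    """Steps 102-107; every decision is written to the history table."""
    def decide(granted, reason):
        store.history.append((now, user_id, permission, granted, reason))
        return granted, reason

    if user_id not in store.user_roles:
        return decide(False, "unknown user")
    if seconds > store.max_seconds.get(user_id, 0):
        return decide(False, "duration over limit")
    if permission in effective_permissions(store, user_id, now):
        return decide(False, "already held")            # step 104 -> 107
    if permission not in ROLE_PERMS[TEMP_ROLE]:         # assumed extra check
        return decide(False, "not a temporary permission")
    attrs = store.attributes.get(user_id)
    if attrs is None or not credibility(attrs) > THRESHOLD:
        return decide(False, "credibility too low")     # step 105 fails
    store.temp_grants[user_id] = now + seconds          # step 106
    return decide(True, "granted")


def revoke(store, user_id, now, reason):
    """User request, time threshold reached, or abnormal behaviour."""
    if store.temp_grants.pop(user_id, None) is None:
        return False
    store.history.append((now, user_id, None, False, "revoked: " + reason))
    return True


def sweep_expired(store, now):
    """Delete temporary role records whose time threshold has been reached."""
    expired = [u for u, exp in store.temp_grants.items() if now >= exp]
    for user_id in expired:
        revoke(store, user_id, now, "time threshold reached")
    return expired
```
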
As shown in fig. 2, on the basis of the embodiments shown in fig. 1, an embodiment of the present invention provides a temporary rights management apparatus, including:
a receiving module 201, configured to receive a temporary role application sent by a user, where the temporary role application includes a temporary permission applied by the user and an ID of the user;
a determining module 202, configured to determine, by using the ID, a current role of the user according to a preset user role table, where the user role table includes the ID of each user and a role corresponding to the ID;
the processing module 203 is configured to determine whether the permission of the current role includes the temporary permission according to the current role and the permission of the current role stored in the role table; if not, judging whether the credibility of the user can apply for the temporary role or not; and if so, adding the temporary role for the user in the user role table so as to enable the user to obtain the temporary authority.
In an embodiment of the present invention, when the processing module 203 performs the determining whether the user's credibility can apply for the temporary role, specifically performs:
reading a pre-established user attribute table, wherein the user attribute table comprises the attribute score of each user, and acquiring the target attribute score of the user;
carrying out weighted summation according to the target attribute score to determine the credibility score of the user;
when the credibility score is larger than a preset threshold value, adding the temporary role for the user in the user role table;
and when the credibility score is not greater than a preset threshold value, rejecting the temporary role application of the user.
In an embodiment of the present invention, when the attribute score includes a skill score, an experience value score, and a credit score, the processing module 203, when performing the weighted summation according to the target attribute score to determine the credibility score of the user, specifically performs:
calculating the credibility score by the following first equation:
W=a×A+b×B+c×C
wherein W is the credibility score; A, B, C are the skill score, the experience value score, and the credit score, respectively; a, b, c are the weighting coefficients of the skill score, the experience value score and the credit score, respectively; the skill score A is obtained from the user's skill level certification; the experience value score B is obtained from the number of events the user has processed and the success rate of processing them; the credit score C is derived from the user's history of credit violations, loyalty behavior, and future credit assessments.
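The flow performed by modules 201 to 203, as an added Python example (not code from the patent or the applicant): it applies the weighted sum W with the strictly-greater threshold test and removes the temporary role once a preset time threshold is reached or the holder is flagged for abnormal behavior. The table contents, weights, threshold, TTL, the `temp_` naming convention and the `RoleStore` class are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: role names, weights, threshold and TTL are assumptions.
ROLE_PERMS = {                               # role table: role -> permissions
    "clerk": {"invoice.read"},
    "temp_approver": {"invoice.approve"},    # temporary role, added in advance
}
WEIGHTS = {"skill": 0.25, "experience": 0.25, "credit": 0.5}   # a, b, c
THRESHOLD = 70.0                             # preset credibility threshold
TTL = 3600                                   # preset time threshold, seconds

@dataclass
class RoleStore:
    user_roles: dict    # user role table: user ID -> set of roles
    attributes: dict    # user attribute table: user ID -> {skill, experience, credit}
    grants: dict = field(default_factory=dict)   # (user ID, role) -> expiry time

    def credibility(self, uid):
        """W = a*A + b*B + c*C over the user's attribute scores."""
        scores = self.attributes[uid]
        return sum(WEIGHTS[k] * scores[k] for k in WEIGHTS)

    def permissions(self, uid):
        return set().union(*(ROLE_PERMS[r] for r in self.user_roles.get(uid, ())))

    def apply(self, uid, permission, now):
        """Handle a temporary role application (user ID + requested permission)."""
        if uid not in self.user_roles or uid not in self.attributes:
            return "rejected: unknown user"          # fail closed on missing rows
        if permission in self.permissions(uid):
            return "already held"                    # current role already suffices
        role = next((r for r, perms in ROLE_PERMS.items()
                     if r.startswith("temp_") and permission in perms), None)
        if role is None:
            return "rejected: no temporary role grants this permission"
        if not self.credibility(uid) > THRESHOLD:    # equal to threshold is rejected
            return "rejected: credibility"
        self.user_roles[uid].add(role)
        self.grants[(uid, role)] = now + TTL         # record when the grant lapses
        return "granted: " + role

    def revoke(self, now, abnormal=()):
        """Delete temporary roles that expired or whose holder was flagged."""
        removed = []
        for (uid, role), expiry in list(self.grants.items()):
            if now >= expiry or uid in abnormal:
                self.user_roles[uid].discard(role)
                del self.grants[(uid, role)]
                removed.append((uid, role))
        return removed
```

Recording the expiry at grant time and running `revoke` on a schedule keeps the temporary role from outliving its window even if the user never asks for its deletion.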
It is to be understood that the illustrated structure of the embodiment of the present invention does not constitute a specific limitation to the temporary right management apparatus. In other embodiments of the invention, the temporary rights management means may comprise more or fewer components than those shown, or some components may be combined, some components may be split, or a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
The information interaction and execution processes between the units of the temporary rights management apparatus are based on the same concept as the method embodiment of the present invention; for details, refer to the description of the method embodiment, which is not repeated here.
The present invention also provides a computer-readable medium storing instructions for causing a computer to perform a temporary rights management method as described herein. Specifically, a system or an apparatus equipped with a storage medium on which software program codes that realize the functions of any of the above-described embodiments are stored may be provided, and a computer (or a CPU or MPU) of the system or the apparatus is caused to read out and execute the program codes stored in the storage medium.
In this case, the program code itself read from the storage medium can realize the functions of any of the above-described embodiments, and thus the program code and the storage medium storing the program code constitute a part of the present invention.
Examples of the storage medium for supplying the program code include a floppy disk, a hard disk, a magneto-optical disk, an optical disk (e.g., CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD + RW), a magnetic tape, a nonvolatile memory card, and a ROM. Alternatively, the program code may be downloaded from a server computer via a communications network.
Further, it should be clear that the functions of any one of the above-described embodiments may be implemented not only by executing the program code read out by the computer, but also by causing an operating system or the like operating on the computer to perform a part or all of the actual operations based on instructions of the program code.
Further, it is to be understood that the program code read out from the storage medium is written to a memory provided in an expansion board inserted into the computer or to a memory provided in an expansion unit connected to the computer, and then causes a CPU or the like mounted on the expansion board or the expansion unit to perform part or all of the actual operations based on instructions of the program code, thereby realizing the functions of any of the above-described embodiments.
It should be noted that not all steps and modules in the above flows and system structure diagrams are necessary, and some steps or modules may be omitted according to actual needs. The execution order of the steps is not fixed and can be adjusted as required. The system structure described in the above embodiments may be a physical structure or a logical structure, that is, some modules may be implemented by the same physical entity, or some modules may be implemented by a plurality of physical entities, or some components in a plurality of independent devices may be implemented together.
In the above embodiments, the hardware unit may be implemented mechanically or electrically. For example, a hardware element may comprise permanently dedicated circuitry or logic (such as a dedicated processor, FPGA or ASIC) to perform the corresponding operations. The hardware elements may also comprise programmable logic or circuitry, such as a general purpose processor or other programmable processor, that may be temporarily configured by software to perform the corresponding operations. The specific implementation (mechanical, or dedicated permanent, or temporarily set) may be determined based on cost and time considerations.
While the invention has been shown and described in detail in the drawings and in the preferred embodiments, the invention is not limited to the embodiments disclosed, and those skilled in the art will appreciate that various combinations of code auditing means in the various embodiments described above may be employed to obtain further embodiments of the invention, which are also within the scope of the invention.

Claims (10)

1. A temporary rights management method, characterized by comprising: adding temporary roles and their corresponding authorities to a role authority table in advance, wherein the role authority table stores the roles and their corresponding authorities, the method further comprising the following steps:
receiving a temporary role application sent by a user, wherein the temporary role application comprises a temporary authority applied by the user and an ID of the user;
determining the current role of the user according to a preset user role table by using the ID, wherein the user role table comprises the ID of each user and the corresponding role thereof;
determining whether the authority of the current role comprises the temporary authority or not according to the role authority table;
if not, judging whether the credibility of the user can apply for the temporary role or not;
and if so, adding the temporary role for the user in the user role table so as to enable the user to obtain the temporary authority.
2. The method of claim 1,
the judging whether the credibility of the user can apply for the temporary role comprises the following steps:
reading a pre-established user attribute table, wherein the user attribute table comprises the attribute score of each user, and acquiring the target attribute score of the user;
carrying out weighted summation according to the target attribute score to determine the credibility score of the user;
when the credibility score is larger than a preset threshold value, adding the temporary role for the user in the user role table;
and when the credibility score is not greater than a preset threshold value, rejecting the temporary role application of the user.
3. The method of claim 2,
the attribute score comprises a skill score, an experience value score, and a credit score;
the weighting and summing according to the target attribute score to determine the credibility score of the user comprises the following steps:
calculating the credibility score by the following first equation:
W=a×A+b×B+c×C
wherein W is the credibility score; A, B, C are the skill score, the experience value score, and the credit score, respectively; a, b, c are the weighting coefficients of the skill score, the experience value score and the credit score, respectively; the skill score A is obtained from the user's skill level certification; the experience value score B is obtained from the number of events the user has processed and the success rate of processing them; the credit score C is derived from the user's history of credit violations, loyalty behavior, and future credit assessments.
4. The method of claim 1,
further comprising:
when a preset condition is reached, deleting the temporary role of the user in the user role table; the preset conditions include: the user actively applies for deleting the temporary role, the time for the user to obtain the temporary role reaches a preset time threshold value and/or the user has abnormal behaviors.
5. The method of claim 4,
the preset time threshold is obtained according to the registration information of the user;
the temporary role application comprises application time representing the time when the user expects to obtain the temporary role;
after receiving a temporary role application sent by a user, before determining the current role of the user according to a preset user role table, the method further comprises:
determining whether the application time exceeds the time threshold;
if so, determining the current role of the user according to a preset user role table;
if not, the temporary role application of the user is rejected.
6. A temporary rights management apparatus of a temporary rights management method according to any one of claims 1 to 5, characterized by comprising:
the receiving module is used for receiving a temporary role application sent by a user, wherein the temporary role application comprises a temporary authority applied by the user and an ID of the user;
the determining module is used for determining the current role of the user according to a preset user role table by using the ID, wherein the user role table comprises the ID of each user and the corresponding role;
the processing module is used for determining whether the authority of the current role comprises the temporary authority or not according to the current role and the authority of the current role stored in the role table; if not, judging whether the credibility of the user can apply for the temporary role or not; and if so, adding the temporary role for the user in the user role table so as to enable the user to obtain the temporary authority.
7. The apparatus of claim 6,
the processing module, when executing the judgment whether the credibility of the user can apply for the temporary role, specifically executes:
reading a pre-established user attribute table, wherein the user attribute table comprises the attribute score of each user, and acquiring the target attribute score of the user;
carrying out weighted summation according to the target attribute score to determine the credibility score of the user;
when the credibility score is larger than a preset threshold value, adding the temporary role for the user in the user role table;
and when the credibility score is not greater than a preset threshold value, rejecting the temporary role application of the user.
8. The apparatus of claim 7,
when the attribute score comprises a skill score, an experience value score and a credit score, the processing module, when performing the weighted summation according to the target attribute score to determine the credibility score of the user, specifically performs:
calculating the credibility score by the following first equation:
W=a×A+b×B+c×C
wherein W is the credibility score; A, B, C are the skill score, the experience value score, and the credit score, respectively; a, b, c are the weighting coefficients of the skill score, the experience value score and the credit score, respectively; the skill score A is obtained from the user's skill level certification; the experience value score B is obtained from the number of events the user has processed and the success rate of processing them; the credit score C is derived from the user's history of credit violations, loyalty behavior, and future credit assessments.
9. A temporary rights management apparatus, comprising: at least one memory and at least one processor;
the at least one memory to store a machine readable program;
the at least one processor, configured to invoke the machine readable program, to perform the temporary rights management method of any of claims 1-5.
10. Computer readable medium, characterized in that it has stored thereon computer instructions which, when executed by a processor, cause the processor to execute the temporary rights management method of any of claims 1 to 5.
CN202110355239.0A 2021-04-01 2021-04-01 Temporary authority management method, device and computer readable medium Pending CN113065122A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110355239.0A CN113065122A (en) 2021-04-01 2021-04-01 Temporary authority management method, device and computer readable medium

Publications (1)

Publication Number Publication Date
CN113065122A (en) 2021-07-02

Family

ID=76565358

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115098889A (en) * 2022-08-24 2022-09-23 广州市千钧网络科技有限公司 Authority management method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210702