CN113114674A - Service access method, device, equipment and storage medium - Google Patents


Info

Publication number: CN113114674A
Authority: CN (China)
Prior art keywords: task, user, target, access, permission
Legal status: Pending
Application number: CN202110389671.1A
Other languages: Chinese (zh)
Inventors: 郭永东, 谢永恒, 程强
Current Assignee: Beijing Ruian Technology Co Ltd
Original Assignee: Beijing Ruian Technology Co Ltd
Application filed by Beijing Ruian Technology Co Ltd
Priority to CN202110389671.1A
Publication of CN113114674A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication


Abstract

The application relates to a service access method, apparatus, device and storage medium. The method comprises: acquiring a current task selected by a user in a service system; in response to receiving an access request of the user for a target business object, determining task permission information associated with the current task; and executing the corresponding access operation when it is determined, according to the task permission information, that the user has the access right to the target business object. Because the user's access operations are controlled by the task permission information associated with the current task selected by the user, the user cannot access business systems and data resources in the service platform that are irrelevant to the current task, which improves the access security of the service system.

Description

Service access method, device, equipment and storage medium
Technical Field
The present application relates to the field of information security technologies, and in particular, to a method, an apparatus, a device, and a storage medium for service access.
Background
It is well known that information security is crucial to business systems. Information security mainly comprises network security, data security, application security, behavior security, service security and the like, and further forms of security may emerge in the future. To ensure the security of a service system, permission management is usually adopted to control the service operations that a user can perform in the service system. However, traditional access methods still cannot meet business requirements with respect to security.
Disclosure of Invention
Based on this, embodiments of the present application provide a service access method, apparatus, device, and storage medium.
In a first aspect, an embodiment of the present application provides a service access method, including:
acquiring a current task selected by a user in a service system;
in response to receiving an access request of a user for a target business object, determining task permission information associated with the current task;
and when the user is determined to have the access right of the target business object according to the task authority information, executing corresponding access operation.
In a second aspect, an embodiment of the present application provides a service access apparatus, including:
the first acquisition module is used for acquiring a current task selected by a user in a service system;
the first determination module is used for determining task authority information associated with the current task in response to receiving an access request of a user for a target business object;
and the processing module is used for executing corresponding access operation when the user is determined to have the access right of the target business object according to the task authority information.
In a third aspect, an embodiment of the present application provides a service access device, including a memory and a processor, where the memory stores a computer program, and the processor implements the steps of the service access method provided in the first aspect of the embodiment of the present application when executing the computer program.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the service access method provided in the first aspect of the embodiment of the present application.
According to the service access method, apparatus, device and storage medium, after the current task selected by the user in the service system is acquired, the task permission information associated with the current task is determined in response to receiving an access request of the user for a target business object, and the corresponding access operation is executed when it is determined, according to the task permission information, that the user has the access right to the target business object. Because the user's access operations are controlled by the task permission information associated with the current task selected by the user, the user cannot access business systems and data resources in the service platform that are irrelevant to the current task, which improves the access security of the service system.
Drawings
Fig. 1 is a schematic system structure diagram of an application of a service access method according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of a service access method according to an embodiment of the present application;
Fig. 3 is a schematic flowchart of a process for establishing an association relationship between a work task and task permission information according to an embodiment of the present application;
Fig. 4 is a flowchart illustrating an initial right authorization process provided by an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a service access device according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of a service access device according to an embodiment of the present application.
Detailed Description
The service access method provided by the embodiment of the application can be applied to the system architecture shown in fig. 1. As shown in fig. 1, the system may include a client 101 and a business server 102. The client 101 accesses a service on the service server 102; optionally, the service may be the control of a static object such as a menu, a button or an interface, or a data record-level operation such as query, deletion, update or analysis of service system data. The service server 102 authenticates the client 101 and controls the service access of the client 101 according to its associated functional rights and data rights. Optionally, the client 101 includes, but is not limited to, a smart phone, a tablet computer, an e-book reader, a vehicle-mounted terminal, and the like. The service server 102 may be an independent server or a server cluster; the embodiment of the present application does not limit the specific forms of the client 101 and the service server 102.
It should be noted that the execution subject of the method embodiments described below may be a service access apparatus, which may be implemented in software, hardware, or a combination of software and hardware as part or all of a service access device (the service access device may be the service server 102 described above; for convenience of description, the service access device is simply referred to as an electronic device hereinafter). The method embodiments below are described taking an electronic device as the execution subject.
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions in the embodiments of the present application are further described in detail by the following embodiments in combination with the accompanying drawings. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
Fig. 2 is a schematic flowchart of a service access method according to an embodiment of the present application. The embodiment relates to a specific process of how the electronic device performs access authority control based on a current task selected by a user. As shown in fig. 2, the method may include:
S201, acquiring a current task selected by a user in a service platform.
The current task refers to a work task which needs to be processed at this time, and the access of the user to the service platform each time can be managed as one work task. Generally, in order to complete one work task, multiple business systems (also referred to as business applications) in a business platform and corresponding data in the business systems may need to be accessed, and business systems and data objects corresponding to different work tasks may be different. For example, it is assumed that the service platform includes a plurality of service systems, which are respectively a service system 1, a service system 2, a service system 3, and a service system 4, and meanwhile, a plurality of work tasks, which are respectively a work task 1 and a work task 2, are stored in the service platform in advance. In order to complete the work task 1, the service system 1 and the service system 2 in the service platform and corresponding data resources in the service system 1 and the service system 2 need to be accessed, and in order to complete the work task 2, the service system 3 and the service system 4 in the service platform and corresponding data resources in the service system 3 and the service system 4 need to be accessed.
On this basis, when a user needs to access business systems and data resources in the service platform, the user can select, in the service platform, the work task that currently needs to be handled. Optionally, after the user logs in to the service platform, the work tasks stored in the service platform may be displayed on the current page as a list, with a selection control provided at the position corresponding to each work task. The selection operation generated when the user triggers a selection control is detected, and the corresponding work task is selected according to that operation, so that the current task selected by the user is obtained.
In some embodiments, in order to further improve the access security of the business system, optionally, before S201, the electronic device may also verify the validity of the identity information of the user. If the verification passes, S201 is performed. If the verification fails, the user is denied access to the service platform.
S202, in response to receiving an access request of a user for a target business object, determining task authority information associated with the current task.
The target service object refers to a service object to be accessed, and may be an xx service system in a service platform or a yy data resource in an xx service system. The task authority information is information of an access authority given to the user to complete the current task. The access rights granted to the user are different for different work tasks.
Optionally, the task permission information may include an application set and/or a data object set that the user is allowed to access in association with the current task. The application set contains the applications that the user is allowed to access in order to complete the current task; for example, if the application set includes business system 1 and business system 2, the applications that the user is allowed to access while completing the current task are business system 1 and business system 2. The data object set contains the data objects that the user is allowed to access in order to complete the current task, for example, a data right "hrbp1", and assuming that the data right of hrbp1 is "user. That is, the data rights define which data objects the user may access in the business system; put simply, the data object set defines which data objects the user can access in the business system in the course of completing the current task.
Meanwhile, the service platform stores the mapping relations between work tasks and task permission information in advance. When an access request of a user for a target business object is received, the electronic device, in response to the request, determines the task permission information corresponding to the current task from the preset mapping relations.
S203, when the user is determined to have the access right of the target business object according to the task authority information, executing corresponding access operation.
After determining the task authority information associated with the current task, the electronic equipment determines whether the user has the access authority of the target business object according to the task authority information, and if so, executes corresponding access operation; and if not, rejecting the access operation of the user.
In practical applications, the object of the user's current access operation may be a certain business application (i.e., a business system) in the service platform, or a certain data resource in the service platform. When the objects of the access operations differ, the access operations executed by the electronic device also differ. Based on this, on the basis of the foregoing embodiment, optionally, when the target business object is a target application in a business system, the process of S203 may be: matching the target application with the application set; and if the match succeeds, sending the page data of the target application to the client corresponding to the user so that the client displays the target application.
The electronic equipment matches the target application with the application set associated with the current task, and the application set stores all applications which are allowed to be accessed by a user for completing the current task, so that if the target application is matched in the application set, the user is indicated to have the access authority of the target application, at the moment, the electronic equipment can send page data of the target application to the client, and the client renders the page data, so that the target application is displayed to the user.
Optionally, when the target business object is a target data object in a business system, the process of S203 may be: matching the target data object with the set of data objects; and if so, displaying the data record matched with the target data object.
The electronic device matches the target data object with the data object set associated with the current task, and the data object set stores the data objects which are allowed to be accessed by the user for completing the current task, so that if the target data object is matched in the data object set, the user is indicated to have the access authority of the target data object, and at the moment, the electronic device can display the data record corresponding to the target data object to the user.
Continuing with the data right "user, depth = 'sales'" as an example, assume that the data object set associated with the current task includes this data right. When the target business object accessed by the user is the employee data of the sales department, the data object set associated with the current task includes the target business object, so after detecting the user's access operation on the target business object, the electronic device can directly display the employee data of the sales department. When the target business object accessed by the user is not contained in the data object set associated with the current task, the electronic device rejects the user's access operation and can output prompt information informing the user that he or she has no access right.
In summary, according to the above technical solution, the current task selected by the user already has task permission information bound to it; that is, the application resources and data resources that the user is allowed to access while completing the current task are explicitly defined. When the user tries to access business systems and data resources that are irrelevant to the current task, the electronic device rejects the user's access operation, which improves the access security of the service system.
According to the service access method provided by the embodiment of the application, after the current task selected by the user in the service system is acquired, the task permission information associated with the current task is determined in response to receiving an access request of the user for a target business object, and the corresponding access operation is executed when it is determined, according to the task permission information, that the user has the access right to the target business object. Because the user's access operations are controlled by the task permission information associated with the current task selected by the user, the user cannot access business systems and data resources in the service platform that are irrelevant to the current task, which improves the access security of the service system.
Fig. 3 is a schematic flowchart of a process for establishing an association relationship between a work task and task permission information according to an embodiment of the present application. On the basis of the foregoing embodiment, as shown in fig. 3, before the foregoing S201, the method may further include:
S301, receiving a task creation request of the user, and sending the task creation request to a corresponding approver.
The task creating request is used for creating a target task, and the task creating request comprises a requirement authority applied for the target task. The required authority can be understood as the access authority required by the user to complete the target task, including the required data authority and the service operation authority.
When a user needs to access application resources and data resources in the service platform and no corresponding work task exists in the service platform, the user can trigger a task creation operation and apply for the resources corresponding to the work task, where the application covers the data resources and application resources required by the work task, the purpose for which the resources will be used, and the like. After detecting the user's task creation operation, the client of the user sends a task creation request to the electronic device. After receiving the task creation request, the electronic device creates a target task and sends the task creation request to the corresponding approver.
S302, obtaining the approval result of the approver aiming at the task creation request.
The approval result includes the grant permission given to the target task. An approval process is configured in the service platform in advance; after receiving a task creation request of a user, the electronic device sends the task creation request to the corresponding approver according to the configured approval process, and the approver approves the requirement permission applied for by the user. The service platform sets corresponding approval permissions for the approvers in advance, and different approvers have different approval permissions, so an approver approves based on the approval permission he or she holds and gives the corresponding grant permission to the target task. Of course, the approver can also give the corresponding grant permission to the target task based on the actual development requirements of the project.
S303, determining target task permission information finally configured for the target task according to the initial permission, the requirement permission and the authorization permission associated with the user.
The initial permission refers to the access permission preset for a user in the service platform; it comprises the permission to access data in a specified range and the permission to access specified business applications in the service platform. In practical applications, a Role-Based Access Control (RBAC) policy may be adopted to set access rights for a user. In one embodiment, a process for authorizing the initial permission is also provided.
Optionally, before the step S301, as shown in fig. 4, the method further includes:
S401, creating the initial authority.
S402, configuring the corresponding relation between the initial authority and the identity information, and distributing the identity information to the user.
After the initial permission is created, it is associated with the corresponding identity information in the service system. After the initial permission has been assigned to the identity information, each piece of identity information is assigned, according to the actual situation, to the corresponding user who performs service operations, and a user identity configuration table as shown in Table 1 is established to map each user to the corresponding identity information. Assigning initial permissions through identity information makes their allocation clearer and easier to maintain, avoiding the disorderly maintenance that frequently arises when initial permissions are associated directly with users.
TABLE 1
Serial number | Field definition | Description
1             | User account     |
2             | Identity number  |
3             |                  |
After the initial permission associated with the user is obtained, the electronic device may re-determine the minimum permission information that the user is allowed to access to complete the target task according to the initial permission associated with the user, the requirement permission applied by the user, and the authorization permission approved by the approver.
As an alternative implementation, the process of S303 may be: performing an intersection operation on the initial permission associated with the user, the requirement permission and the grant permission to obtain the target task permission information finally configured for the target task.
S304, storing the target task permission information in association with the target task.
Illustratively, continuing with the example in S201 in which the service platform includes 4 business systems, assume that the requirement permission applied for by the user for the target task is "access to business system 1, business system 2 and business system 3" and "access to the employee data of the sales department and the development department". The electronic device sends the task creation request to the corresponding approver, and the approver approves the requirement permission applied for by the user. Suppose that the grant permission given by the approver to the target task is "access to business system 1 and business system 2, and access to the employee data of the sales department". Meanwhile, assume that the initial permission associated with the user is "access to business system 1, business system 2, business system 3 and business system 4" and "access to the employee data of the sales department and the development department". The electronic device then performs an intersection operation on the initial permission associated with the user, the requirement permission applied for by the user and the grant permission approved by the approver, and the resulting target task permission information is "access to business system 1 and business system 2, and access to the employee data of the sales department". The resulting target task permission information is then stored in association with the created target task.
Of course, in practical applications, the target task permission information associated with the target task may also be modified dynamically based on actual requirements. Optionally, any of the requirement permission, the grant permission and the initial permission associated with the user may be modified. After any of these permissions is modified, the target task permission information may be recalculated according to the above process. Taking modification of the requirement permission as an example, the user applies again for the requirement permission for the target task, and after the grant permission and the initial permission associated with the user are obtained, the minimum permission information that the user is allowed to access in order to complete the target task is determined again. In addition, after the target task is completed, the association between the target task and the target task permission information can be released, and the target task permission information can be deleted to free storage space.
In this embodiment, the electronic device can create each work task based on a task creation request of a user, and, based on the requirement permission applied for by the user, the grant permission given by the approver and the initial permission associated with the user, can determine the minimum permission information that the user is allowed to access in order to complete the target task and establish the association between the target task and the target task permission information. Binding the target task permission information to the target task ties access to business applications and data resources strictly to the execution of the corresponding work task, prevents the user from accessing business systems and data resources that are irrelevant to the work at hand, and further improves the access security of the service system.
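The S301 to S304 derivation and the S201 to S203 check, carried through with the worked example above, as an added Python example that is not code from the patent. The class names, the `sys1`..`sys4` and `employee:*` labels, binding a task to the user who created it, and denying every request when no task is selected are assumptions of this example; the approval workflow is reduced to the approver's grant passed in as a value.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Permission:
    """Applications and data objects covered by a permission (labels are constructed)."""
    apps: frozenset = frozenset()
    data: frozenset = frozenset()

    def intersect(self, other):
        return Permission(self.apps & other.apps, self.data & other.data)


def perm(apps=(), data=()):
    return Permission(frozenset(apps), frozenset(data))


class TaskAccessController:
    def __init__(self):
        self.initial = {}     # user -> initial permission (S401/S402, identity table omitted)
        self.tasks = {}       # task id -> user, requirement permission, grant permission
        self.task_perms = {}  # task id -> target task permission stored in S304
        self.current = {}     # user -> task selected in S201

    def recompute(self, task_id):
        # S303: initial ∩ requirement ∩ grant, so no single input can widen access.
        task = self.tasks[task_id]
        initial = self.initial.get(task["user"], Permission())
        effective = initial.intersect(task["requested"]).intersect(task["granted"])
        self.task_perms[task_id] = effective
        return effective

    def set_initial(self, user, permission):
        # Changing the initial permission recalculates every task of that user.
        self.initial[user] = permission
        for task_id, task in self.tasks.items():
            if task["user"] == user:
                self.recompute(task_id)

    def create_task(self, task_id, user, requested, granted):
        self.tasks[task_id] = {"user": user, "requested": requested, "granted": granted}
        return self.recompute(task_id)

    def update_task(self, task_id, requested=None, granted=None):
        task = self.tasks[task_id]
        if requested is not None:
            task["requested"] = requested
        if granted is not None:
            task["granted"] = granted
        return self.recompute(task_id)

    def select_task(self, user, task_id):
        # Assumption: a user may only select a task created for that user.
        task = self.tasks.get(task_id)
        if task is None or task["user"] != user:
            raise PermissionError("task not available to this user")
        self.current[user] = task_id

    def complete_task(self, task_id):
        # Release the association and delete the stored task permission.
        self.tasks.pop(task_id, None)
        self.task_perms.pop(task_id, None)
        for user in [u for u, t in self.current.items() if t == task_id]:
            del self.current[user]

    def is_allowed(self, user, kind, target):
        # S202/S203: look up the current task's permission, then match the target.
        task_perm = self.task_perms.get(self.current.get(user))
        if task_perm is None:
            return False  # no task selected, or task already completed
        allowed = {"app": task_perm.apps, "data": task_perm.data}.get(kind, frozenset())
        return target in allowed


def demo():
    ctl = TaskAccessController()
    both = ["employee:sales", "employee:development"]
    ctl.set_initial("alice", perm(["sys1", "sys2", "sys3", "sys4"], both))
    effective = ctl.create_task(
        "task-1", "alice",
        requested=perm(["sys1", "sys2", "sys3"], both),
        granted=perm(["sys1", "sys2"], ["employee:sales"]),
    )
    out = {"effective": effective,
           "before_select": ctl.is_allowed("alice", "app", "sys1")}
    ctl.select_task("alice", "task-1")
    out["sys1"] = ctl.is_allowed("alice", "app", "sys1")
    out["sys3"] = ctl.is_allowed("alice", "app", "sys3")
    out["sales"] = ctl.is_allowed("alice", "data", "employee:sales")
    out["development"] = ctl.is_allowed("alice", "data", "employee:development")
    # The approver widens the grant: sys3 becomes reachable for this task.
    ctl.update_task("task-1", granted=perm(["sys1", "sys2", "sys3"], ["employee:sales"]))
    out["sys3_after_regrant"] = ctl.is_allowed("alice", "app", "sys3")
    # The initial permission shrinks: sys1 drops out of the stored task permission.
    ctl.set_initial("alice", perm(["sys2", "sys3", "sys4"], ["employee:sales"]))
    out["sys1_after_initial_change"] = ctl.is_allowed("alice", "app", "sys1")
    ctl.complete_task("task-1")
    out["sys2_after_completion"] = ctl.is_allowed("alice", "app", "sys2")
    return out


if __name__ == "__main__":
    print(demo())
```

Because the stored permission is an intersection, widening the grant only takes effect up to what the initial and requirement permissions already cover, and narrowing any one of the three narrows the task permission on recalculation.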
Fig. 5 is a schematic structural diagram of a service access device according to an embodiment of the present application. As shown in fig. 5, the apparatus may include: a first obtaining module 501, a first determining module 502 and a processing module 503.
Specifically, the first obtaining module 501 is configured to obtain a current task selected by a user in a service platform;
the first determining module 502 is configured to determine task permission information associated with the current task in response to receiving an access request of a user for a target business object;
the processing module 503 is configured to execute a corresponding access operation when it is determined that the user has the access right of the target service object according to the task right information.
The service access apparatus provided by the embodiment of the application, after acquiring the current task selected by the user in the service system, determines the task permission information associated with the current task in response to receiving an access request of the user for a target business object, and executes the corresponding access operation when it is determined, according to the task permission information, that the user has the access right to the target business object. Because the user's access operations are controlled by the task permission information associated with the current task selected by the user, the user cannot access business systems and data resources in the service platform that are irrelevant to the current task, which improves the access security of the service system.
On the basis of the foregoing embodiment, optionally, the apparatus further includes: the device comprises a receiving module, a sending module, a second obtaining module, a second determining module and a storage module.
Specifically, the receiving module is configured to receive a task creation request of a user before the first obtaining module 501 obtains a current task selected by the user in the service system; the task creating request is used for creating a target task, and the task creating request comprises a requirement authority applied for the target task;
the sending module is used for sending the task creating request to a corresponding approver;
the second acquisition module is used for acquiring the approval result of the approver for the task creation request; wherein the approval result comprises an authorization authority granted to the target task;
the second determining module is used for determining target task permission information finally configured for the target task according to the initial permission, the requirement permission and the authorization permission associated with the user;
and the storage module is used for storing the target task permission information in association with the target task.
On the basis of the foregoing embodiment, optionally, the second determining module is specifically configured to perform an intersection operation on the initial permission, the demand permission, and the authorization permission associated with the user, so as to obtain target task permission information finally configured for the target task.
Optionally, the task permission information includes a set of applications and/or a set of data objects that the user associated with the current task is allowed to access.
On the basis of the foregoing embodiment, optionally, the processing module 503 is specifically configured to, when the target business object is a target application in a business system, match the target application with the application set; if the matching is successful, send the page data of the target application to a client corresponding to the user so that the client can display the target application;
the processing module 503 is further specifically configured to, when the target business object is a target data object in a business system, match the target data object with the set of data objects; and if the matching is successful, display the data record matched with the target data object.
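The following added example (not part of the patent text) illustrates the intersection operation performed by the second determining module and the matching step performed by the processing module. The class names, the in-memory store, and the sample user, task and object names are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Permission:
    """A permission as the text describes it: an application set and a data object set."""
    applications: frozenset = frozenset()
    data_objects: frozenset = frozenset()

    def intersect(self, other):
        return Permission(self.applications & other.applications,
                          self.data_objects & other.data_objects)


class TaskPermissionStore:
    """Hypothetical in-memory stand-in for the determining and storage modules."""

    def __init__(self, initial_by_user):
        self._initial = initial_by_user  # user identity -> initial permission
        self._tasks = {}                 # (user, task id) -> task permission

    def create_task(self, user, task_id, demand, authorization):
        """Store initial & demand & authorization as the task permission."""
        initial = self._initial.get(user, Permission())  # unknown user: empty
        final = initial.intersect(demand).intersect(authorization)
        self._tasks[(user, task_id)] = final
        return final

    def check_access(self, user, current_task, kind, target):
        """Match the target against the current task's set; deny by default."""
        perm = self._tasks.get((user, current_task))
        if perm is None:  # no task selected, or the task belongs to someone else
            return False
        if kind == "application":
            return target in perm.applications
        if kind == "data_object":
            return target in perm.data_objects
        return False  # unknown kind of business object


# Constructed sample data, not taken from the patent.
store = TaskPermissionStore({
    "alice": Permission(frozenset({"crm", "billing", "reports"}),
                        frozenset({"customers", "invoices"})),
})
demand = Permission(frozenset({"crm", "billing", "hr"}),
                    frozenset({"customers", "payroll"}))
authorization = Permission(frozenset({"crm", "hr", "reports"}),
                           frozenset({"customers", "invoices", "payroll"}))
final = store.create_task("alice", "task-42", demand, authorization)

if __name__ == "__main__":
    print(sorted(final.applications), sorted(final.data_objects))
    for kind, target in [("application", "crm"), ("application", "billing"),
                         ("application", "hr"), ("data_object", "invoices")]:
        print(kind, target, store.check_access("alice", "task-42", kind, target))
```

Because the stored permission is the intersection of all three inputs, an approver cannot grant more than the user requested, and a request cannot exceed the user's initial permission.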
On the basis of the foregoing embodiment, optionally, the apparatus further includes a verification module.
Specifically, the verification module is configured to verify the validity of the identity information of the user before the first obtaining module 501 obtains the current task selected by the user in the service system.
On the basis of the foregoing embodiment, optionally, the apparatus further includes: a creation module and an association module.
Specifically, the creation module is configured to create the initial permission before the receiving module receives the task creation request of the user;
and the association module is configured to configure the correspondence between the initial permission and the identity information, and to distribute the identity information to the user.
In one embodiment, a service access device is provided, the internal structure of which may be as shown in Fig. 6. The device includes a processor, a memory, a network interface, and a database connected by a system bus. The processor of the device is configured to provide computing and control capabilities. The memory of the device comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of the operating system and the computer program in the non-volatile storage medium. The database of the device is used to store data involved in the service access process. The network interface of the device is used for communicating with an external terminal through a network connection. The computer program is executed by the processor to implement a service access method.
It will be understood by those skilled in the art that the structure shown in Fig. 6 is a block diagram of only the part of the structure related to the present application, and does not constitute a limitation on the service access device to which the present application is applied; a specific service access device may include more or fewer components than those shown in the figure, or combine some components, or have a different arrangement of components.
In one embodiment, there is provided a service access device comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the following steps when executing the computer program:
acquiring a current task selected by a user in a service platform;
in response to receiving an access request of a user for a target business object, determining task permission information associated with the current task;
and when it is determined according to the task permission information that the user has the access right to the target business object, executing the corresponding access operation.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:
acquiring a current task selected by a user in a service platform;
in response to receiving an access request of a user for a target business object, determining task permission information associated with the current task;
and when it is determined according to the task permission information that the user has the access right to the target business object, executing the corresponding access operation.
The service access apparatus, device and storage medium provided in the above embodiments can execute the service access method provided in any embodiment of the present application, and have the corresponding functional modules and beneficial effects for executing the method. For technical details that are not described in detail in the above embodiments, reference may be made to the service access method provided in any embodiment of the present application.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware; the computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), Direct Rambus Dynamic RAM (DRDRAM), and Rambus Dynamic RAM (RDRAM).
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments express only several embodiments of the present application, and their description is relatively specific and detailed, but they should not be construed as limiting the scope of the present application. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, all of which fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A method for service access, comprising:
acquiring a current task selected by a user in a service platform;
in response to receiving an access request of a user for a target business object, determining task permission information associated with the current task;
and when it is determined according to the task permission information that the user has the access right to the target business object, executing the corresponding access operation.
2. The method of claim 1, wherein prior to said obtaining a current task selected by a user in a business system, the method further comprises:
receiving a task creation request of the user, and sending the task creation request to a corresponding approver; the task creation request is used for creating a target task, and the task creation request comprises a demand permission applied for the target task;
obtaining an approval result of the approver for the task creation request; wherein the approval result comprises an authorization permission granted to the target task;
determining target task permission information finally configured for the target task according to the initial permission, the demand permission and the authorization permission associated with the user;
and performing associated storage on the target task permission information and the target task.
3. The method according to claim 2, wherein the determining target task permission information finally configured for the target task according to the initial permission, the demand permission, and the authorization permission associated with the user comprises:
and executing intersection operation on the initial permission, the demand permission and the authorization permission associated with the user to obtain target task permission information finally configured for the target task.
4. The method of claim 1, wherein the task permission information comprises a set of applications and/or a set of data objects that the user associated with the current task is allowed to access.
5. The method according to claim 4, wherein when it is determined that the user has the access right of the target business object according to the task authority information, performing a corresponding access operation comprises:
when the target business object is a target application in a business system, matching the target application with the application set; if the matching is successful, sending the page data of the target application to a client corresponding to the user so that the client can display the target application;
when the target business object is a target data object in a business system, matching the target data object with the data object set; and if the matching is successful, displaying the data record matched with the target data object.
6. The method according to any of claims 1 to 5, wherein before said obtaining a current task selected by a user in a business system, the method further comprises:
and verifying the legality of the identity information of the user.
7. The method of any of claims 2-5, wherein prior to said receiving a task creation request of said user, said method further comprises:
creating the initial permission;
and configuring the correspondence between the initial permission and the identity information, and distributing the identity information to the user.
8. A service access device, comprising:
the first acquisition module is used for acquiring the current task selected by the user in the service platform;
the first determination module is used for determining task permission information associated with the current task in response to receiving an access request of a user for a target business object;
and the processing module is used for executing the corresponding access operation when it is determined according to the task permission information that the user has the access right to the target business object.
9. A service access device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of any of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 7.
CN202110389671.1A 2021-04-12 2021-04-12 Service access method, device, equipment and storage medium Pending CN113114674A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110389671.1A CN113114674A (en) 2021-04-12 2021-04-12 Service access method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110389671.1A CN113114674A (en) 2021-04-12 2021-04-12 Service access method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN113114674A true CN113114674A (en) 2021-07-13

Family

ID=76715675

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110389671.1A Pending CN113114674A (en) 2021-04-12 2021-04-12 Service access method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113114674A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113794697A (en) * 2021-08-27 2021-12-14 北京深思数盾科技股份有限公司 Information processing method, system and storage medium based on proxy service
CN114239015A (en) * 2021-12-15 2022-03-25 成都飞机工业(集团)有限责任公司 Data security management method and device, data cloud platform and storage medium
CN115577381A (en) * 2022-12-09 2023-01-06 云粒智慧科技有限公司 Line-level data access method and device and electronic equipment
CN116630107A (en) * 2023-07-21 2023-08-22 广东南方电信规划咨询设计院有限公司 Method and device for providing needed access information for user
CN114239015B (en) * 2021-12-15 2024-06-07 成都飞机工业(集团)有限责任公司 Data security management method and device, data cloud platform and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110807185A (en) * 2019-11-01 2020-02-18 北京金山云网络技术有限公司 System access method, device and server
CN110874219A (en) * 2019-11-14 2020-03-10 珠海西山居移动游戏科技有限公司 Task authority control method and device
CN111695156A (en) * 2020-06-15 2020-09-22 北京同邦卓益科技有限公司 Service platform access method, device, equipment and storage medium
CN112632575A (en) * 2020-12-22 2021-04-09 平安普惠企业管理有限公司 Authority management method and device of business system, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210713