CN113407526A - Authority data analysis method, management device and storage medium - Google Patents

Authority data analysis method, management device and storage medium Download PDF

Info

Publication number
CN113407526A
CN113407526A CN202011311990.2A CN202011311990A CN113407526A CN 113407526 A CN113407526 A CN 113407526A CN 202011311990 A CN202011311990 A CN 202011311990A CN 113407526 A CN113407526 A CN 113407526A
Authority
CN
China
Prior art keywords
data
authority
analysis
management system
analysis result
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011311990.2A
Other languages
Chinese (zh)
Inventor
彭永勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Meiyun Zhishu Technology Co ltd
Original Assignee
Guangdong Meiyun Zhishu Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Meiyun Zhishu Technology Co ltd filed Critical Guangdong Meiyun Zhishu Technology Co ltd
Priority to CN202011311990.2A priority Critical patent/CN113407526A/en
Publication of CN113407526A publication Critical patent/CN113407526A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2282Tablespace storage structures; Management thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2457Query processing with adaptation to user needs
    • G06F16/24578Query processing with adaptation to user needs using ranking
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/25Integrating or interfacing systems involving database management systems
    • G06F16/254Extract, transform and load [ETL] procedures, e.g. ETL data flows in data warehouses
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • G06Q10/103Workflow collaboration or project management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The application discloses an analysis method, a management device and a storage medium of authority data, wherein the analysis method of the authority data comprises the following steps: acquiring first authority data of a first authority management system; performing multi-dimensional analysis on the first authority data to obtain a plurality of first data analysis results; wherein the multidimensional analysis comprises at least one of authorized object analysis, authorized scope analysis and authorized content analysis; and generating a permission data analysis report according to the plurality of first data analysis results. By the method, the problem of authority management can be accurately positioned.

Description

Authority data analysis method, management device and storage medium
Technical Field
The present application relates to the technical field of rights data management, and in particular, to a method for analyzing rights data, a management device, and a storage medium.
Background
The authority management system is widely applied to Enterprise management, such as an ERP (Enterprise Resource Planning) system and an OA (Office Automation) system. The ERP system is a management platform which is established on the basis of information technology, integrates the information technology and advanced management ideas, and provides decision means for enterprise employees and decision layers by using a systematized management idea. The OA system is a novel office mode formed by applying the modernization technologies such as computer and communication to the traditional office mode. The office automation utilizes modern equipment and informatization technology to replace partial manual or repetitive business activities of office workers, processes office affairs and business information with high quality and high efficiency, realizes high-efficiency utilization of information resources, further achieves the purposes of improving productivity and assisting decision, and improves working efficiency and quality and working environment to the maximum extent.
The setting and management of various rights to employees within an enterprise are involved in such rights management systems. Because of the wide variety of rights management systems, an enterprise may have multiple operating rights management systems at the same time, and how to perform unified management on these systems becomes a problem to be solved urgently.
Disclosure of Invention
In order to solve the above problems, the present application provides an analysis method, a management device, and a storage medium for permission data, which can improve the collection efficiency of permission data.
The technical scheme adopted by the application is as follows: provided is a method for analyzing rights data, the method including: acquiring first authority data of a first authority management system; performing multi-dimensional analysis on the first authority data to obtain a plurality of first data analysis results; wherein the multidimensional analysis comprises at least one of authorized object analysis, authorized scope analysis and authorized content analysis; and generating a permission data analysis report according to the plurality of first data analysis results.
The method includes the following steps of performing multidimensional analysis on first authority data to obtain a plurality of first data analysis results, wherein the multidimensional analysis includes: inquiring multidimensional characteristic data from the first authority data; and analyzing the multi-dimensional characteristic data respectively to obtain a plurality of first data analysis results.
The method for querying the multidimensional feature data from the first authority data comprises the following steps: running a plurality of query models in parallel, and respectively querying feature data of corresponding dimensionality from the first authority data; analyzing the multi-dimensional characteristic data respectively to obtain a plurality of first data analysis results, including: and operating a plurality of analysis models, and analyzing the feature data of one dimension obtained by each query model respectively to obtain a plurality of first data analysis results.
Wherein, the method further comprises: acquiring second authority data of a second authority management system; the first authority management system and the second authority management system are the same authority management system, and the first authority data and the second authority data are obtained data in different batches; performing multi-dimensional analysis on the second authority data to obtain a plurality of second data analysis results; and comparing the first data analysis result with the second data analysis result to obtain a first comparison analysis result.
Wherein, the method further comprises: acquiring third authority data of a third authority management system; the first authority management system and the third authority management system are different and are used for carrying out authority data management on the same object group; performing multi-dimensional analysis on the third permission data to obtain a plurality of third data analysis results; and comparing the first data analysis result with the third data analysis result to obtain a second comparative analysis result.
Wherein, the method further comprises: acquiring fourth authority data of a fourth authority management system; the first right management system and the fourth right management system are the same right management system and are used for respectively managing the right data of different object groups; performing multi-dimensional analysis on the fourth permission data to obtain a plurality of fourth data analysis results; and comparing the first data analysis result with the fourth data analysis result to obtain a third comparative analysis result.
Wherein, according to a plurality of first data analysis results, generating an authority data analysis report, comprising: generating a character analysis result and a chart analysis result according to the plurality of first data analysis results; and combining the character analysis result and the chart analysis result to obtain a final analysis result.
Wherein, the method further comprises: comparing the analysis result with a corresponding preset boundary value; and detecting and confirming that the analysis result does not meet the preset boundary value requirement, and providing a rectification suggestion for the authority data of the dimension corresponding to the analysis result.
Another technical scheme adopted by the application is as follows: there is provided a rights data management device comprising a processor and a memory, the memory for storing program data and the processor for executing the program data to implement a method as described above.
Another technical scheme adopted by the application is as follows: there is provided a computer readable storage medium having stored therein program data for implementing the method as described above when executed by a processor.
The method for analyzing the authority data comprises the following steps: acquiring first authority data of a first authority management system; performing multi-dimensional analysis on the first authority data to obtain a plurality of first data analysis results; wherein the multidimensional analysis comprises at least one of authorized object analysis, authorized scope analysis and authorized content analysis; and generating a permission data analysis report according to the plurality of first data analysis results. By the mode, the authority data can be comprehensively analyzed from a plurality of angles, the multi-angle problem of the authority data can be detected, and enterprises can find the problems of authority management in time to correct and modify the problems in time.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts. Wherein:
fig. 1 is a schematic flow chart of a first embodiment of a method for acquiring authority data provided by the present application;
FIG. 2 is a schematic flow chart diagram illustrating a second embodiment of a method for acquiring rights data provided by the present application;
FIG. 3 is a flowchart illustrating a first embodiment of a method for analyzing rights data provided by the present application;
FIG. 4 is a schematic illustration of an analytical model provided herein;
FIG. 5 is a flowchart illustrating a first embodiment of a method for synchronizing rights data provided by the present application;
FIG. 6 is a flowchart illustrating a second embodiment of a method for synchronizing rights data provided by the present application;
FIG. 7 is a flowchart illustrating a third embodiment of a method for synchronizing rights data provided by the present application;
FIG. 8 is a flowchart illustrating a fourth embodiment of a method for synchronizing rights data provided by the present application;
fig. 9 is a flowchart illustrating a first embodiment of a method for managing rights data provided by the present application;
FIG. 10 is a schematic diagram illustrating an embodiment of a rights data management device according to the present application;
FIG. 11 is a schematic structural diagram of an embodiment of a computer-readable storage medium provided in the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application. It is to be understood that the specific embodiments described herein are merely illustrative of the application and are not limiting of the application. It should be further noted that, for the convenience of description, only some of the structures related to the present application are shown in the drawings, not all of the structures. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The terms "first", "second", etc. in this application are used to distinguish between different objects and not to describe a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
Referring to fig. 1, fig. 1 is a schematic flow chart of a first embodiment of a method for acquiring rights data provided by the present application, where the method is mainly applied to acquiring basic rights data in a rights management system, and the method includes:
step 11: and acquiring an authority data acquisition instruction.
It is understood that, in the present embodiment, a data collection tool may be developed for performing the data collection method in the present embodiment. The collection tool may include an activation button, and the permission data collection may be achieved by operating the activation button.
Step 12: determining the dimensionality of the authority data in the authority management system based on the authority data acquisition instruction; the dimension of the authority data at least comprises one of user information, user classification and authority information.
Optionally, in an embodiment, the user information may include a user name, an ID (Identity document), a birth date, a native place, and the like, and may further include a scholarship, an enrollment time, and the like; the user classification can comprise organization, post, group, service role, system authority, system resource and the like of the user in the enterprise; the rights information may include user authorization, organization authorization, post authorization, group authorization, and the like.
For example, a general authority may be automatically authorized according to the user after entering into work to create an account, and the organization authorization, the post authorization, and the group authorization may be automatically authorized according to the organization, the post, and the group of the user, for example, if the post of the user is "administrative management", then the authorization in the aspect of "administrative management" may be automatically performed on the user after determining the post of the user. The group authorization is performed automatically after the user joins a group, for example, an enterprise creates an item group for a certain item, invites some users to join the group, and after joining the group, the some users are automatically performed with the group authorization.
In this embodiment, the dimension of the permission data may include the user, organization, post, group, service role, system permission, system resource, user authorization, organization authorization, post authorization, group authorization, and the like.
Step 13: and starting a plurality of threads corresponding to the dimensionality of the authority data, and collecting the authority data of the corresponding dimensionality by utilizing each thread.
Because the authority data in the authority management system is numerous and complicated, especially for large enterprises, if only one channel is adopted for data acquisition, the data acquisition generally takes several hours, and the efficiency is low. In the embodiment, by starting a plurality of threads, each thread acquires authority data of one dimension, and the data acquisition efficiency is greatly improved.
Optionally, in an embodiment, the multiple threads are constructed in a thread pool, where the thread pool includes a core thread and a non-core thread. Specifically, in step 13, the number of core threads of the thread pool may be determined; and starting a plurality of core threads corresponding to the dimensionality of the authority data based on the number of the core threads.
In addition, after step 13, the method may further include:
step 14: detecting and confirming that a buffer queue corresponding to a first thread in the multiple threads reaches a target data volume, starting a second thread related to the first thread, and acquiring authority data of one dimension by using the first thread and the threads.
For example, the thread pool has 10 core threads and 10 non-core threads, and the number of the authority data dimensions is 8, then 8 core threads can be started to collect the authority data of 8 dimensions respectively. Optionally, each thread has a buffer queue, and if the buffer queue of a certain core thread is full, a non-core thread may be enabled to perform parallel acquisition on the dimension data, that is, a core thread and a non-core thread perform parallel acquisition on the same dimension thread data.
For another example, the thread pool has 10 core threads and 10 non-core threads, and the number of the authority data dimensions is 12, then 10 core threads may be started to collect the authority data of 10 dimensions, respectively, and the acquisition of the authority data of the other two dimensions may be suspended. Optionally, each thread has a buffer queue, and if the buffer queue of a certain core thread is full, a non-core thread may be enabled to perform parallel acquisition on the dimension data, that is, a core thread and a non-core thread perform parallel acquisition on the same dimension thread data.
Optionally, in an embodiment, after the permission data is collected, the collected permission data needs to be saved in a permission database, where the permission database is used to store and manage the permission data collected from each permission management system, and the permission database may also be called a permission center or a permission center station. The enterprise internet middle platform architecture is called a middle platform for short. In modern times, a middle stage corresponds to a front stage and a back stage, and refers to a set of middleware that is shared in some systems. Commonly found in website architectures, financial systems. Referring to fig. 2 in particular, fig. 2 is a schematic flow chart of a second embodiment of the method for acquiring authority data provided by the present application, and the method mainly includes:
step 21: and compressing the acquired authority data to obtain a compressed data packet.
Step 22: and importing the compressed data packet to a permission database.
Step 23: and decompressing the compressed data packet in the permission database.
Optionally, in an embodiment, before the compressed data packet is imported, the compressed data packet is further encrypted, and after the compressed data packet is imported, the compressed data packet is further decrypted.
Step 24: and storing the decompressed authority data to an authority database.
Specifically, after the acquired authority data are collected, the data are directly imported into an authority center in an encrypted and compressed packet mode, the authority center decompresses the data and then imports a large data container, each object independently constructs an index database, the index database is constructed in an enterprise ID + application ID + object ID mode, and the data of each batch are distinguished by batch IDs and then are stored in the same index database.
Understandably, the stored rights data can be queried directly in the rights database. In one mode, the authority data can be queried by inputting two search range information, for example, inputting "post + business role" to query, and displaying the queried authority data after the query is completed.
Different from the prior art, the method for acquiring authority data provided by the embodiment includes: acquiring an authority data acquisition instruction; determining the dimensionality of the authority data in the authority management system based on the authority data acquisition instruction; the dimensionality of the authority data at least comprises one of user information, user classification and authority information; and starting a plurality of threads corresponding to the dimensionality of the authority data, and collecting the authority data of the corresponding dimensionality by utilizing each thread. In the mode, the permission data in the permission management system are acquired by adopting a plurality of threads, the data acquisition time can be greatly saved when the threads run in parallel, and further, because each thread only acquires dimensional data, the permission data can be classified when the permission data are acquired, on one hand, the neatness of the data is ensured, and on the other hand, the data acquisition efficiency is improved.
Referring to fig. 3, fig. 3 is a schematic flow chart of a first embodiment of a method for analyzing authority data provided by the present application, where the method is mainly used to analyze the authority data of an authority center after the authority data in an authority management system is collected in the above embodiment, and the method includes:
step 31: first authority data of a first authority management system is obtained.
The first permission data includes multiple dimension data in the above embodiments, such as user, organization, post, group, service role, system permission, system resource, user authorization, organization authorization, post authorization, group authorization, and the like.
Step 32: performing multi-dimensional analysis on the first authority data to obtain a plurality of first data analysis results; wherein the multidimensional analysis comprises at least one of an authorized object analysis, an authorized scope analysis and an authorized content analysis.
It should be noted that the multidimensional analysis in the present embodiment does not correspond to the "dimension" in the multidimensional data in the foregoing embodiments, and the multidimensional analysis does not refer to performing separate analysis on each dimension of data, but performs analysis on the permission data through a plurality of different analysis angles.
Optionally, in an embodiment, step 32 may specifically include: inquiring multidimensional characteristic data from the first authority data; and analyzing the multi-dimensional characteristic data respectively to obtain a plurality of first data analysis results.
Specifically, as shown in fig. 4, fig. 4 is a schematic diagram of an analysis model provided by the present application, where a plurality of query models are run in parallel, and feature data of corresponding dimensions are queried from first authority data respectively; and operating a plurality of analysis models, and analyzing the feature data of one dimension obtained by each query model respectively to obtain a plurality of first data analysis results.
The following is detailed by several analytical models:
a. disable analysis (disabled objects grant valid permissions);
for example, the user a belongs to an object for which authorization is prohibited, but in the data analysis process, it is determined that the user a is authorized with valid rights.
b. Zombie analysis (free objects without any organization, post, or rights grant);
for example, user A does not have any organization, position, or group, and is not granted any permissions; or user a has joined an organization, station or group, but has not been granted any rights.
c. Redundant analysis (the definition of authority data has repeated codes and names, and the specification is not uniform);
for example, the ID of the user A and the ID of the user B are repeated, or a certain unique authority is granted to two different users;
for example, if the naming convention is "username + ID", but some nomenclature is "ID + username", then the naming convention may be determined to be non-canonical.
d. Analysis with too large authorization scope (the role association organization scope covers a large range);
for example, user a is granted multiple rights, some of which are the rights that users in organization a should have, and some of which are the rights that users in organization b should have, resulting in an overly large scope of rights for user a. Specifically, a threshold value may be set, and for example, when the authorization range of the user a exceeds 3 organizations, the authorization range of the user a may be considered to be too large.
e. Analysis of authorization granularity (user or organization authorization role too large);
authorization granularity refers to the thickness of a certain authority. For example, user a may view reports for a certain department, and user B may view reports for all departments, then the authorization granularity of user B is greater than that of user a for the permission to view reports. In the present embodiment, whether the authorization role of each user is too large is determined by analyzing the authorization granularity of each user.
f. Common authority analysis (authority of various functional personnel) for various types of personnel;
and the enterprise has the authority of all the posts, such as the authority of viewing personal information, wage information, performance information, such as leave application, reimbursement application and the like.
g. Common authority analysis of various types of posts (the authority of various post personnel);
generally, the special authority of the post is pointed, for example, the financial post can view financial statements, the reimbursement sheet submitted by each person and the like, and the administrative post can view resume information and the like.
The above example is to analyze the rights data in the same rights management system of the same enterprise, and other ways may also include the following ways:
h. analysis by comparison (comparison of different physical examination batches in the system);
the same-proportion analysis mainly comprises the step of carrying out comparison analysis among a plurality of data analysis results of different batches of the same system. The method specifically comprises the following steps: acquiring second authority data of a second authority management system; the first authority management system and the second authority management system are the same authority management system, and the first authority data and the second authority data are obtained data in different batches; performing multi-dimensional analysis on the second authority data to obtain a plurality of second data analysis results; and comparing the first data analysis result with the second data analysis result to obtain a first comparison analysis result.
For example, a first batch of analysis determines that there is redundancy in the enterprise rights data, and a second batch of analysis determines that there is no redundancy in the enterprise rights data. The reasons for the different results of the two redundant analyses can be analyzed whether a clean-up of redundant data has been performed between the two batches. Further, due to the comparison of different batches, improvement and progress of the company in the management of the authority data can be reflected.
i. Ring ratio analysis (compare to other systems of the company);
the ring ratio analysis is mainly to perform comparative analysis between analysis results of different authority management systems (such as an ERP system and an OA system) of the same enterprise. The method specifically comprises the following steps: acquiring third authority data of a third authority management system; the first authority management system and the third authority management system are different and are used for carrying out authority data management on the same object group; performing multi-dimensional analysis on the third permission data to obtain a plurality of third data analysis results; and comparing the first data analysis result with the third data analysis result to obtain a second comparative analysis result.
For example, if the ERP system analysis result shows that the enterprise has the authority data redundancy problem, and the OA system analysis result shows that the enterprise does not have the authority data redundancy problem, it can be analyzed why such a difference exists between the two systems, whether the data acquisition stage is different or the data analysis stage is different, and the like. Further, it is also possible to analyze which system is more suitable for the company.
j. Line ratio analysis (compare with other companies and the same system).
The row ratio analysis is mainly the comparative analysis between the analysis results of the same authority management system of different enterprises. The method specifically comprises the following steps: acquiring fourth authority data of a fourth authority management system; the first right management system and the fourth right management system are the same right management system and are used for respectively managing the right data of different object groups; performing multi-dimensional analysis on the fourth permission data to obtain a plurality of fourth data analysis results; and comparing the first data analysis result with the fourth data analysis result to obtain a third comparative analysis result.
For example, company a and company B both use an ERP system to compare the authority data and analysis results of the two companies, and perform comparative analysis on the authority management of the two companies.
Step 33: and generating a permission data analysis report according to the plurality of first data analysis results.
It is understood that the data analysis result may be embodied in the form of digital data, graphs, tables, etc., and then the data, graphs, and tables are combined to generate the final analysis report.
Further, when an analysis report is generated, boundary value judgment may be further performed for each analysis result. For example, a boundary value is set for each analysis result, such as the boundary value of the redundant data is 10%, and when the result of the redundancy analysis shows that the redundant data exceeds 10%, a correction suggestion for the redundant data is excessive may be made, for example, the redundant data may be deleted.
Different from the prior art, the method for analyzing the permission data provided by the embodiment includes: acquiring first authority data of a first authority management system; performing multi-dimensional analysis on the first authority data to obtain a plurality of first data analysis results; wherein the multidimensional analysis comprises at least one of authorized object analysis, authorized scope analysis and authorized content analysis; and generating a permission data analysis report according to the plurality of first data analysis results. By the mode, the authority data can be comprehensively analyzed from a plurality of angles, the multi-angle problem of the authority data can be detected, and enterprises can find the problems of authority management in time to correct and modify the problems in time.
Referring to fig. 5, fig. 5 is a schematic flowchart of a first embodiment of the method for synchronizing authority data provided by the present application, and the method is mainly used for synchronizing the authority data of the authority management system and the authority database. It can be understood that, by collecting the authority data in the authority management system into the authority database through the above-mentioned embodiment, it is possible for any one of the authority management system and the authority database to generate a change of the authority data, and when one changes, it needs to be synchronized to the other, and this embodiment mainly synchronizes from the authority management system to the authority database. The method comprises the following steps:
step 51: and monitoring a log of the authority management system.
The change of the authority data is recorded in the authority management system in the form of log.
The log information may include a timestamp, a permission change ID, and permission change content. Further, an operator of the right change may be included. For example, the user a is a department supervisor, the user B is a general employee of the department, and the user a operates on the system to grant the user B a right, so the log information may include an authorizer, an authorized person, authorization time, authorization content, right deadline, and the like.
The monitoring log is mainly used for monitoring each newly added authority change information in the log. It will be understood that the log may also include operations that are not related to the change of the authority, such as a shift of a certain user's station, but the log information will be generated without any change of the authority. In this case, attention needs to be paid to filtering of unauthorized change information.
Optionally, a log monitoring plug-in may be established for monitoring log information in the rights management system.
Step 52: and determining the authority data change information of the authority management system from the log.
The change of rights may include authorization and authorization, as follows:
Figure BDA0002790110450000111
Figure BDA0002790110450000121
step 53: and synchronizing the changed authority data in the authority management system to the authority database according to the authority data change information.
Optionally, according to the permission data change information, acquiring corresponding permission data in the service data table; and storing the acquired authority data into an authority database. Specifically, a business data table name and a corresponding field name in the authority data change information are obtained; searching a corresponding service data table according to the name of the service data table; and searching corresponding authority data in the service data table according to the field name.
One form of the service data table is as follows:
Figure BDA0002790110450000122
for example, if a certain permission change log includes information "Department _ table + Is _ update", the "Department _ table" service data table may be searched from a large number of service data tables, and then permission data for editing Department employee information may be determined according to the field name "Is _ update".
Different from the prior art, the method for synchronizing the authority data provided by the embodiment includes: monitoring a log of the authority management system; determining authority data change information of the authority management system from the log; and synchronizing the changed authority data in the authority management system to the authority database according to the authority data change information. Through the mode, a double-track management mode of the authority management system and the authority database can be realized, when one party changes data, the two parties can be conveniently synchronized, diversified management of the authority data is realized, the management capability is improved, and inconsistency of the authority data is also avoided.
Referring to fig. 6, fig. 6 is a schematic flowchart of a second embodiment of the method for synchronizing authority data provided by the present application, and the method is mainly used for synchronizing the authority data of the authority management system and the authority database. It can be understood that, by collecting the authority data in the authority management system into the authority database through the above-mentioned embodiment, it is possible for any one of the authority management system and the authority database to generate a change of the authority data, and when one changes, it needs to be synchronized to the other, and this embodiment mainly synchronizes from the authority database to the authority management system. The method comprises the following steps:
step 61: and the permission database sends the permission data change message to the message middleware.
Message Middleware (MQ) is a supportive software system that provides synchronous or asynchronous, reliable messaging for application systems in a network environment based on queue and messaging techniques. The message middleware utilizes an efficient and reliable message transfer mechanism for platform-independent data communication and integration of a distributed system based on data communication. By providing a messaging and message queuing model, it can extend inter-process communication in a distributed environment.
Alternatively, the message middleware may employ ActiveMQ, RabbitMQ, or Kafka.
Step 62: and monitoring the message in the message middleware.
Optionally, a plurality of queues may be established in the message middleware, each queue corresponding to a rights management system, for example, one message queue corresponding to the ERP system and another message queue corresponding to the OA system.
In particular, an agent module may be created that listens to messages in each queue in the message middleware to determine if there is permission data to synchronize. It is understood that the agent module may exist in the form of a plug-in, or may be implemented in various ways, such as by a service or process. The agent module and the message middleware may be located in the same device or in different devices.
And step 63: and detecting and confirming that the message middleware has the message, and synchronizing the changed authority data in the authority database to the corresponding authority management system.
Specifically, upon detecting a message in a message queue in the message middleware, the message is consumed, corresponding rights data is determined, and then the rights data is inserted into the rights management system.
Through the two modes, the dual-track management of the authority data is realized, namely, the authority data can be managed by the authority management system (an EPR system or an OA system) and the authority database, and the authority data can be synchronized to the other party no matter which party performs the authority change.
Further, when the authority management system and the authority database perform authority data synchronization, if the authority management system synchronizes a certain authority data to the authority database, the authority data is changed for the authority database. According to the above embodiment, the rights database will send a message to the MQ again and synchronize to the rights management system again, which will cause the rights database and the rights management system to perform data synchronization back and forth, and the following embodiments are directed to solving such a problem.
Different from the prior art, the method for synchronizing the limit data provided by the embodiment includes: the permission database sends the permission data change message to the message middleware; monitoring the message in the message middleware; and detecting and confirming that the message middleware has the message, and synchronizing the changed authority data in the authority database to the corresponding authority management system. Through the mode, a double-track management mode of the authority management system and the authority database can be realized, when one party changes data, the two parties can be conveniently synchronized, diversified management of the authority data is realized, the management capability is improved, and inconsistency of the authority data is also avoided.
Referring to fig. 7, fig. 7 is a schematic flowchart of a third embodiment of a method for synchronizing rights data provided by the present application, where the present embodiment is applied to a rights database to synchronize rights data to a rights management system, and the method includes:
step 71: and the permission database sends the permission data change message to the message middleware.
Step 72: and monitoring the message in the message middleware.
Step 73: and detecting and confirming that the message middleware has a message, and adding first identification information to the changed authority data in the authority database.
Optionally, the rights data includes an authorization object, an authorization time, authorization content, an authorization identifier (i.e., first identification information), and the like, wherein the addition of the authorization identifier depends on which party performs the rights data change, and if the rights data change is performed in the rights database, the first identification information is added.
Step 74: and sending the authority data added with the first identification information to a corresponding authority management system.
In this way, the rights management system can perform normal synchronization operation when receiving the rights data with the first identification information.
Referring to fig. 8, fig. 8 is a schematic flowchart of a fourth embodiment of the method for synchronizing authority data provided by the present application, where the present embodiment is applied to an authority management system to synchronize authority data to an authority database, and the method includes:
step 81: and monitoring a log of the authority management system.
Step 82: and determining the authority data change information of the authority management system from the log.
Step 83: and adding second identification information to the changed authority data in the authority management system according to the authority data change information.
Alternatively, the rights data includes an authorization object, an authorization time, authorization content, an authorization identifier (i.e., second identification information), and the like, wherein the addition of the authorization identifier depends on which party performs the rights data change, and the second identification information is added if the rights data change is performed in the rights management system.
Step 84: and sending the authority data added with the second identification information to an authority database.
In this way, the permission database can perform normal synchronization operation when receiving the permission data with the second identification information.
In the embodiment of fig. 7 and fig. 8, the permission database detects and confirms that the permission data to be synchronized has the first identification information, and does not perform synchronization; and the authority management system detects and confirms that the authority data to be synchronized has the second identification information, and does not perform synchronization.
For example, when the authority database performs an authorization operation, the identifier a is added to the authority data, and when the authority management system performs an authorization operation, the identifier B is added to the authority data. Then, when receiving that a certain permission data sent by the permission management system contains the identifier a, the permission database can determine that the permission data is authorized by itself, and does not need to perform synchronization operation again. Similarly, when receiving that a certain permission data sent by the permission database contains the identifier B, the permission management system can determine that the permission data is authorized by itself, and does not need to perform synchronization operation again.
In addition, in other embodiments, because both the EPR system and the OA system have an existing rights management system, the rights management system may not be modified, that is, only the identification information is added when the data in the rights database is changed, and no identification is made when the rights management system changes the rights. Then, the authority database only synchronizes the authority data without any identifier, and the authority management system only synchronizes the authority data with the identifier information.
Optionally, in an embodiment, all the rights data in the rights management system and the rights database may be synchronized once according to a set frequency, so that data consistency between the two may be ensured.
Referring to fig. 9, fig. 9 is a schematic flowchart of a first embodiment of a method for managing rights data provided by the present application, where the method includes:
step 91: obtaining a data set from a rights management system; wherein the data set includes at least one of base rights data, rights alteration data, and rights consumption data.
It is to be understood that, in the above-described embodiment, the rights data in the rights management system is collected into the rights database. In the embodiment, a data lake is established, and then the authority data in the authority database or the authority management system is collected into the data lake, so that the management is facilitated.
The data set may include:
Figure BDA0002790110450000161
optionally, in an embodiment, step 91 may include: obtaining log data from a rights management system; filtering non-authority data in the log data; and processing the filtered log data to obtain basic authority data and authority change data.
Since the log in the rights management system contains non-rights change information, filtering of non-rights data is required.
During data collection, log information can be collected by using a probe, authority data of an authority management system (such as an ERP system or an OA system) is collected by using a collection probe (such as a log) so as to collect incremental log data, data except the authority log is intercepted, and the reserved log data is stored in an authority data lake. Because the log generally includes an audit log (authorization, etc.), basic authority data needs to be collected to complete the audit data.
In addition, ETL (Extract-Transform-Load) data acquisition can be used, wherein the ETL is used for extracting data in distributed and heterogeneous data sources, such as relationship data, plane data files and the like, to a temporary middle layer, then cleaning, converting and integrating the data, and finally loading the data to a data warehouse or a data mart to become the basis of online analysis processing and data mining. The ETL starts different tasks, each task is used to collect authority incremental data of different business objects (users, organizations, posts, authorities, roles, etc.), and then controls the operation of each task in a unified manner, so as to realize data collection.
When data is acquired, the data acquisition can be divided into real-time acquisition and non-real-time acquisition. Collecting in real time, and monitoring log data of the authority management system in real time; adding the filtered log data into a buffer queue, and processing the log data in the buffer queue in real time; after the log of the authority management system is monitored in real time, real-time calculation of data and real-time data acquisition are carried out in a data stream buffering mode immediately. Acquiring log data from the right management system at intervals of a preset time period in a non-real-time manner; namely, calculating data within a period of time by a construction mode of off-line calculation, and then collecting the data.
And step 92: the data set is imported into a data lake.
A Data Lake (Data Lake) is a repository or system that stores Data in raw format. It stores the data as it is without the need for structuring the data in advance. A data lake may store structured data (e.g., tables in a relational database), semi-structured data (e.g., CSV, log, XML, JSON), unstructured data (e.g., email, document, PDF), and binary data (e.g., graphics, audio, video).
Step 93: and auditing the data in the data lake to obtain an audit report.
Data auditing is an audit of the entire life cycle for application, creation, use (consumption), reclamation, and destruction of rights data.
The auditing of the application process, the creation process, the recovery process and the destruction process mainly comprises the steps of judging whether the application process is legal (meets preset rules), whether an applicant and an approver meet qualification, whether the applied authority meets requirements and the like.
Optionally, during auditing, corresponding feature data is acquired from the rights data according to requirements, and a corresponding auditing result is obtained by analyzing the feature data.
For example, based on the authority consumption data, determining a current consumption place and a previous consumption place corresponding to the target authority consumption data; and detecting and confirming that the current consumption place is different from the previous consumption place, and determining that the target authority consumption data is illegal.
It can be understood that, taking login authority as an example, if the last time is logged in Shanghai, the next time is logged in Shenzhen, and the audit is logged in different places.
For example, based on the base rights data and the rights consumption data, determining a ratio of the rights data that was consumed to the total rights data; and detecting and confirming that the ratio is smaller than a set proportion threshold value, and determining that the consumption rate of the authority data is unqualified.
It is understood that a user has 100 rights, but only 30 rights are used daily, which can be used as a category of data governance.
In an optional embodiment, the audit report is displayed, and the display content at least comprises the life cycle of application, creation, use, recovery and destruction of the authority data.
For example, the auditing result can be presented in a kanban form, and the enterprise high administration can see that a plurality of business systems are accessed in total, the authority management efficiency is improved, data of a plurality of dimensions and the value of an authority database. Due to the fact that management views ' application, creation, use, recovery and destruction ' of the complete life cycle, manageability, awareness and traceability ' of all business links are achieved finally.
Different from the prior art, the method for managing rights data provided by the embodiment includes: obtaining a data set from a rights management system; wherein the data set comprises at least one of basic rights data, rights alteration data, and rights consumption data; importing a data set into a data lake; and auditing the data in the data lake to obtain an audit report. By the method, the authority data in the authority database and the authority management system can be managed in a unified mode, the whole life cycle of each authority data is tracked, and management and control of each link are achieved.
Referring to fig. 10, fig. 10 is a schematic structural diagram of an embodiment of a rights data management device provided in the present application, where the data management device 100 includes a processor 101 and a memory 102, the memory 102 is used for storing program data, and the processor 101 is used for executing the program data to implement the following methods:
acquiring an authority data acquisition instruction; determining the dimensionality of the authority data in the authority management system based on the authority data acquisition instruction; the dimensionality of the authority data at least comprises one of user information, user classification and authority information; and starting a plurality of threads corresponding to the dimensionality of the authority data, and collecting the authority data of the corresponding dimensionality by utilizing each thread.
Acquiring first authority data of a first authority management system; performing multi-dimensional analysis on the first authority data to obtain a plurality of first data analysis results; wherein the multidimensional analysis comprises at least one of authorized object analysis, authorized scope analysis and authorized content analysis; and generating a permission data analysis report according to the plurality of first data analysis results.
Monitoring a log of the authority management system; determining authority data change information of the authority management system from the log; and synchronizing the changed authority data in the authority management system to the authority database according to the authority data change information.
The permission database sends the permission data change message to the message middleware; monitoring the message in the message middleware; and detecting and confirming that the message middleware has the message, and synchronizing the changed authority data in the authority database to the corresponding authority management system.
Obtaining a data set from a rights management system; wherein the data set comprises at least one of basic rights data, rights alteration data, and rights consumption data; importing a data set into a data lake; and auditing the data in the data lake to obtain an audit report.
Referring to fig. 11, fig. 11 is a schematic structural diagram of an embodiment of a computer-readable storage medium provided in the present application, the computer-readable storage medium 110 stores program data 111, and the program data 111, when executed by a processor, is used to implement the following method:
acquiring an authority data acquisition instruction; determining the dimensionality of the authority data in the authority management system based on the authority data acquisition instruction; the dimensionality of the authority data at least comprises one of user information, user classification and authority information; and starting a plurality of threads corresponding to the dimensionality of the authority data, and collecting the authority data of the corresponding dimensionality by utilizing each thread.
Acquiring first authority data of a first authority management system; performing multi-dimensional analysis on the first authority data to obtain a plurality of first data analysis results; wherein the multidimensional analysis comprises at least one of authorized object analysis, authorized scope analysis and authorized content analysis; and generating a permission data analysis report according to the plurality of first data analysis results.
Monitoring a log of the authority management system; determining authority data change information of the authority management system from the log; and synchronizing the changed authority data in the authority management system to the authority database according to the authority data change information.
The permission database sends the permission data change message to the message middleware; monitoring the message in the message middleware; and detecting and confirming that the message middleware has the message, and synchronizing the changed authority data in the authority database to the corresponding authority management system.
Obtaining a data set from a rights management system; wherein the data set comprises at least one of basic rights data, rights alteration data, and rights consumption data; importing a data set into a data lake; and auditing the data in the data lake to obtain an audit report.
In the several embodiments provided in the present application, it should be understood that the disclosed method and apparatus may be implemented in other manners. For example, the above-described device embodiments are merely illustrative, and for example, the division of the modules or units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The above description is only for the purpose of illustrating embodiments of the present application and is not intended to limit the scope of the present application, and all modifications of equivalent structures and equivalent processes, which are made according to the content of the present specification and the accompanying drawings, or which are directly or indirectly applied to other related technical fields, are also included in the scope of the present application.

Claims (10)

1. A method for analyzing rights data, the method comprising:
acquiring first authority data of a first authority management system;
performing multi-dimensional analysis on the first authority data to obtain a plurality of first data analysis results; wherein the multidimensional analysis comprises at least one of an authorized object analysis, an authorized scope analysis, and an authorized content analysis;
and generating a permission data analysis report according to the plurality of first data analysis results.
2. The method of claim 1,
performing multidimensional analysis on the first permission data to obtain a plurality of first data analysis results, including:
querying multidimensional feature data from the first permission data;
and analyzing the multi-dimensional characteristic data respectively to obtain a plurality of first data analysis results.
3. The method of claim 2,
the querying multidimensional feature data from the first permission data comprises:
running a plurality of query models in parallel, and respectively querying the feature data of the corresponding dimension from the first authority data;
the analyzing the multidimensional feature data respectively to obtain a plurality of first data analysis results includes:
and operating a plurality of analysis models, and analyzing the feature data of one dimension obtained by each query model respectively to obtain a plurality of first data analysis results.
4. The method of claim 1,
the method further comprises the following steps:
acquiring second authority data of a second authority management system; the first authority management system and the second authority management system are the same authority management system, and the first authority data and the second authority data are obtained from different batches;
performing multi-dimensional analysis on the second authority data to obtain a plurality of second data analysis results;
and comparing the first data analysis result with the second data analysis result to obtain a first comparison analysis result.
5. The method of claim 1,
the method further comprises the following steps:
acquiring third authority data of a third authority management system; the first right management system and the third right management system are different and are used for carrying out right data management on the same object group;
performing multi-dimensional analysis on the third permission data to obtain a plurality of third data analysis results;
and comparing the first data analysis result with the third data analysis result to obtain a second comparative analysis result.
6. The method of claim 1,
the method further comprises the following steps:
acquiring fourth authority data of a fourth authority management system; the first right management system and the fourth right management system are the same right management system and are used for respectively managing right data of different object groups;
performing multidimensional analysis on the fourth authority data to obtain a plurality of fourth data analysis results;
and comparing the first data analysis result with the fourth data analysis result to obtain a third comparative analysis result.
7. The method of claim 1,
the generating of the permission data analysis report according to the plurality of first data analysis results includes:
generating a character analysis result and a chart analysis result according to the plurality of first data analysis results;
and combining the character analysis result and the chart analysis result to obtain a final analysis result.
8. The method of claim 7,
the method further comprises the following steps:
comparing the analysis result with a corresponding preset boundary value;
and detecting and confirming that the analysis result does not meet the preset boundary value requirement, and providing a rectification suggestion for the authority data of the dimension corresponding to the analysis result.
9. A rights data management device, comprising a processor and a memory, the memory for storing program data, the processor for executing the program data to implement the method of any one of claims 1 to 8.
10. A computer-readable storage medium, in which program data are stored which, when being executed by a processor, are adapted to carry out the method according to any one of claims 1-8.
CN202011311990.2A 2020-11-20 2020-11-20 Authority data analysis method, management device and storage medium Pending CN113407526A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011311990.2A CN113407526A (en) 2020-11-20 2020-11-20 Authority data analysis method, management device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011311990.2A CN113407526A (en) 2020-11-20 2020-11-20 Authority data analysis method, management device and storage medium

Publications (1)

Publication Number Publication Date
CN113407526A true CN113407526A (en) 2021-09-17

Family

ID=77677529

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011311990.2A Pending CN113407526A (en) 2020-11-20 2020-11-20 Authority data analysis method, management device and storage medium

Country Status (1)

Country Link
CN (1) CN113407526A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107358376A (en) * 2017-08-25 2017-11-17 袁也 Corporation finance system and method based on performance management and financial analysis
CN109145045A (en) * 2018-09-13 2019-01-04 广东电网有限责任公司 Electric network operation data multidimensional degree analysis method and system based on artificial intelligence technology
CN109726187A (en) * 2019-01-02 2019-05-07 北京信息科技大学 A kind of adaptive authority control method and device towards Hadoop
CN110781252A (en) * 2019-11-05 2020-02-11 安徽数据堂科技有限公司 Intelligent data analysis visualization method based on big data
CN111079130A (en) * 2019-12-19 2020-04-28 朱倩缘 User authority management system and method based on data analysis
CN111125679A (en) * 2019-11-15 2020-05-08 广东数果科技有限公司 Management system and method for railway intelligent data portal
CN111881224A (en) * 2020-08-06 2020-11-03 广东省信息工程有限公司 Multidimensional data analysis method and system

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107358376A (en) * 2017-08-25 2017-11-17 袁也 Corporation finance system and method based on performance management and financial analysis
CN109145045A (en) * 2018-09-13 2019-01-04 广东电网有限责任公司 Electric network operation data multidimensional degree analysis method and system based on artificial intelligence technology
CN109726187A (en) * 2019-01-02 2019-05-07 北京信息科技大学 A kind of adaptive authority control method and device towards Hadoop
CN110781252A (en) * 2019-11-05 2020-02-11 安徽数据堂科技有限公司 Intelligent data analysis visualization method based on big data
CN111125679A (en) * 2019-11-15 2020-05-08 广东数果科技有限公司 Management system and method for railway intelligent data portal
CN111079130A (en) * 2019-12-19 2020-04-28 朱倩缘 User authority management system and method based on data analysis
CN111881224A (en) * 2020-08-06 2020-11-03 广东省信息工程有限公司 Multidimensional data analysis method and system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
强静仁等: "智能家居基本原理及应用", 华中科技大学出版社, pages: 36 - 37 *
钟业荣: "系统用户权限数据的分析", 《科学与财富》, pages 216 *

Similar Documents

Publication Publication Date Title
CN110019176B (en) Data management control system for improving success rate of data management service
CN114925045B (en) PaaS platform for big data integration and management
US8463811B2 (en) Automated correlation discovery for semi-structured processes
US8868583B2 (en) Similarity calculation apparatus
US9686163B2 (en) Determining events by analyzing stored electronic communications
CN110399363B (en) Problem data full life cycle data quality management method and system
JP2007193685A (en) Program for displaying personal connection information, recording medium with the program recorded thereon, device for displaying personal connection information, and method for displaying personal connection information
CN113223678A (en) Medical material guarantee scheduling system
CN111080261A (en) Visual data asset management system based on big data
CN115794929B (en) Data management system and data management method for data marts
CN116205396A (en) Data panoramic monitoring method and system based on data center
CN110928864A (en) Scientific research project management method and system
CN113407527B (en) Authority data acquisition method, authority data management device and storage medium
CN113407530A (en) Permission data recovery method, management device and storage medium
CN111538720B (en) Method and system for cleaning basic data of power industry
CN113407526A (en) Authority data analysis method, management device and storage medium
CN113407529A (en) Method and device for managing authority data lake and storage medium
CN113407528A (en) Authority data synchronization method, management device and storage medium
CN113986656B (en) Power grid data safety monitoring system based on data center platform
CN115391432A (en) Judicial big data processing method, system, server and storage medium
CN111797084B (en) Data coding through mark inspection method and system based on weapon equipment test flow
CN112085412A (en) Resource optimization distribution system and distribution method
CN115357657B (en) Data processing method and device, computer equipment and storage medium
CN109697602B (en) Data processing system for checking fees
CN115345462B (en) Task overall planning and merging method and system for provincial administration

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 528311 3rd Floor, Building 5, Midea Global Innovation Center, Industrial Avenue, Beijiao Town, Shunde District, Foshan City, Guangdong Province

Applicant after: Meiyun Zhishu Technology Co.,Ltd.

Address before: 528311 3rd Floor, Building 5, Midea Global Innovation Center, Industrial Avenue, Beijiao Town, Shunde District, Foshan City, Guangdong Province

Applicant before: Guangdong Meiyun Zhishu Technology Co.,Ltd.

CB02 Change of applicant information